# Lesson 1: Creating a Basic Login Endpoint

Here's the text reformatted in Markdown for readability:

# Creating a Basic Login Endpoint

Welcome to our first lesson on authentication with Flask!

Today, we'll learn how to build a simple login system for our web application. This lesson is foundational because login systems are crucial for almost any web app that handles user data or personalized experiences.

By the end of this unit, you'll be able to create an endpoint that accepts login credentials, validates them, and responds accordingly.

## Initial Setup

Before we dive into building the login endpoint, let's set up our application and mock database.

```python
from flask import Flask, request, jsonify

# Initialize a Flask app instance
app = Flask(__name__)

# Mock database of users
database = [
    {"id": 1, "username": "cosmo", "password": "space-corgi"}
]
```

This code initializes a Flask app and creates a mock dataset that we'll use for authentication.

## Introducing Marshmallow for Data Validation

To ensure the login credentials are in the correct format, we'll use Marshmallow to help us validate and deserialize input data.

Let's create a simple schema for our login data with `username` and `password`:

```python
from marshmallow import Schema, fields, ValidationError
from marshmallow.validate import Length

# Define a schema for the login data
class LoginSchema(Schema):
    username = fields.Str(required=True, validate=Length(min=1))
    password = fields.Str(required=True, validate=Length(min=1))

# Create an instance of LoginSchema
login_schema = LoginSchema()
```

In this schema, we define `username` and `password` as required string fields and use `Length(min=1)` to ensure both fields are not empty.

## Creating the Login Endpoint

Now, let's create the `/login` endpoint in our Flask application. This is where users will send their login credentials.

```python
from flask import request, jsonify

# Define a route to receive login credentials
@app.route('/login', methods=['POST'])
def login():
    pass
```

## Validating Incoming Login Data

To validate the incoming data from the request, we will use the `LoginSchema` we previously defined.

```python
# Define a route to receive login credentials
@app.route('/login', methods=['POST'])
def login():
    try:
        # Validate and deserialize the input data according to the schema
        data = login_schema.load(request.get_json())
    except ValidationError as err:
        # If validation fails, return an error message and a 400 status code
        return jsonify(error=err.messages), 400
```

## Extracting and Authenticating User

We can now extract the `username` and `password` from the validated data and check for the given username in our mock database.

```python
# Define a route to receive login credentials
@app.route('/login', methods=['POST'])
def login():
    try:
        # Validate and deserialize the input data according to the schema
        data = login_schema.load(request.get_json())
    except ValidationError as err:
        # If validation fails, return an error message and a 400 status code
        return jsonify(error=err.messages), 400

    # Extract username and password from the validated data
    username = data['username']
    password = data['password']

    # Find the user in the mock database
    user = next((user for user in database if user["username"] == username), None)
```

## Checking Credentials and Responding

Finally, once we know the user exists, we check if the given password matches with the one in the database. Then, respond accordingly.

```python
# Define a route to receive login credentials
@app.route('/login', methods=['POST'])
def login():
    try:
        # Validate and deserialize the input data according to the schema
        data = login_schema.load(request.get_json())
    except ValidationError as err:
        # If validation fails, return an error message and a 400 status code
        return jsonify(error=err.messages), 400

    # Extract username and password from the validated data
    username = data['username']
    password = data['password']

    # Find the user in the mock database
    user = next((user for user in database if user["username"] == username), None)
    
    # Check if the user exists and if the password matches
    if user and user["password"] == password:
        # Login successful
        return jsonify(message="Login successful"), 200
    else:
        # Return an error if the user does not exist or the password is incorrect
        return jsonify(error="Bad username or password"), 401
```

## Accessing the Login Endpoint

When the client sends a POST request to `/login` with correct credentials, they should receive a 200 OK response with a message indicating a successful login:

```json
{ 
    "message": "Login successful" 
}
```

However, if the client provides incorrect credentials, they will receive a 401 Unauthorized response indicating a bad username or password:

```json
{ 
    "error": "Bad username or password" 
}
```

Additionally, if the request fails validation, such as missing required fields, the client will receive a 400 Bad Request response with error details:

```json
{ 
    "error": "Validation error details here" 
}
```

## Summary and Next Steps

In this lesson, we learned to create a basic login endpoint using Flask by covering how to:

1. Validate data to ensure login credentials are well-formed.
2. Create a `/login` endpoint to accept, validate, and authenticate user credentials.
3. Handle errors with appropriate responses for validation failures and incorrect login attempts.

Next, you'll put this knowledge into practice by creating and testing your own login endpoint. In upcoming lessons, we'll explore JWT (JSON Web Token) authentication to further secure our application. Stay tuned and continue practicing!

## Run the Login Endpoint

Good job getting the basics down!

Now let's see your basic login endpoint in action. You don't need to worry about writing or changing any code. Just click on Run, and it will automatically set up the server for you and test the login endpoint.

Give us a few seconds to set up the environment, and you'll be ready to run it!

```py
from flask import Flask, request, jsonify
from marshmallow import Schema, fields, ValidationError
from marshmallow.validate import Length

# Initialize a Flask app instance
app = Flask(__name__)

# Mock database of users
database = [
    {"id": 1, "username": "cosmo", "password": "space-corgi"}
]

# Define a schema for the login data
class LoginSchema(Schema):
    username = fields.Str(required=True, validate=Length(min=1))
    password = fields.Str(required=True, validate=Length(min=1))

# Create an instance of LoginSchema
login_schema = LoginSchema()

# Define a route to receive login credentials
@app.route('/login', methods=['POST'])
def login():
    try:
        # Validate and deserialize the input data according to the schema
        data = login_schema.load(request.get_json())
    except ValidationError as err:
        # If validation fails, return an error message and a 400 status code
        return jsonify(error=err.messages), 400

    # Extract username and password from the validated data
    username = data['username']
    password = data['password']

    # Find the user in the mock database
    user = next((user for user in database if user["username"] == username), None)
    
    # Check if the user exists and if the password matches
    if user and user["password"] == password:
        # Login successful
        return jsonify(message="Login successful"), 200
    else:
        # Return an error if the user does not exist or the password is incorrect
        return jsonify(error="Bad username or password"), 401

```

## Complete the Login Responses

Well done running the code! Now let's put your new skills to the test.

Your mission is to complete the code for a basic login endpoint in Flask. You'll need to fill in the missing return statements as indicated by the TODO comments.

Make sure to return appropriate JSON responses and status codes based on the instructions.

```py
from flask import Flask, request, jsonify
from marshmallow import Schema, fields, ValidationError
from marshmallow.validate import Length

# Initialize a Flask app instance
app = Flask(__name__)

# Mock database of users
database = [
    {"id": 1, "username": "cosmo", "password": "space-corgi"}
]

# Define a schema for the login data
class LoginSchema(Schema):
    username = fields.Str(required=True, validate=Length(min=1))
    password = fields.Str(required=True, validate=Length(min=1))

# Create an instance of LoginSchema
login_schema = LoginSchema()

# Define a route to receive login credentials
@app.route('/login', methods=['POST'])
def login():
    try:
        # Validate and deserialize the input data according to the schema
        data = login_schema.load(request.get_json())
    except ValidationError as err:
        # TODO: Return a JSON error message with the `err.messages` and a 400 status code
        return 

    # Extract username and password from the validated data
    username = data['username']
    password = data['password']

    # Find the user in the mock database
    user = next((user for user in database if user["username"] == username), None)
    
    # Check if the user exists and if the password matches
    if user and user["password"] == password:
        # TODO: Return a JSON message indicating successful login with a 200 status code
        return 
    else:
        # TODO: Return a JSON error message indicating "Bad username or password" with a 401 status code
        return 

```

To complete the `login` endpoint, you need to add the appropriate return statements for each scenario. Here's the updated code with the correct JSON responses and status codes:

```python
from flask import Flask, request, jsonify
from marshmallow import Schema, fields, ValidationError
from marshmallow.validate import Length

# Initialize a Flask app instance
app = Flask(__name__)

# Mock database of users
database = [
    {"id": 1, "username": "cosmo", "password": "space-corgi"}
]

# Define a schema for the login data
class LoginSchema(Schema):
    username = fields.Str(required=True, validate=Length(min=1))
    password = fields.Str(required=True, validate=Length(min=1))

# Create an instance of LoginSchema
login_schema = LoginSchema()

# Define a route to receive login credentials
@app.route('/login', methods=['POST'])
def login():
    try:
        # Validate and deserialize the input data according to the schema
        data = login_schema.load(request.get_json())
    except ValidationError as err:
        # Return a JSON error message with the err.messages and a 400 status code
        return jsonify(error=err.messages), 400

    # Extract username and password from the validated data
    username = data['username']
    password = data['password']

    # Find the user in the mock database
    user = next((user for user in database if user["username"] == username), None)
    
    # Check if the user exists and if the password matches
    if user and user["password"] == password:
        # Return a JSON message indicating successful login with a 200 status code
        return jsonify(message="Login successful"), 200
    else:
        # Return a JSON error message indicating "Bad username or password" with a 401 status code
        return jsonify(error="Bad username or password"), 401

# Run the app only if this script is executed directly
if __name__ == "__main__":
    app.run(debug=True)
```

### Explanation of Changes:
- **Validation Error Handling**: If the incoming login data does not pass the validation checks (e.g., missing `username` or `password`), a `400` status code is returned along with the error messages.
  
  ```python
  return jsonify(error=err.messages), 400
  ```

- **Successful Login**: When the login is successful (i.e., username and password match), a `200` status code is returned with a success message.
  
  ```python
  return jsonify(message="Login successful"), 200
  ```

- **Failed Login**: If the username is not found or the password does not match, a `401` status code is returned with an error message indicating incorrect credentials.
  
  ```python
  return jsonify(error="Bad username or password"), 401
  ```

With these changes, the login endpoint is complete and will handle validation errors, successful logins, and failed logins appropriately.

## Fix the Login Endpoint Bug

Great progress so far! Now, let's take it a step further.

The given Flask application has a /login endpoint that tries to authenticate users based on their credentials. However, there's a mistake in the code, making it break for some requests.

Let's find and fix the error.

```py
from flask import Flask, request, jsonify
from marshmallow import Schema, fields, ValidationError
from marshmallow.validate import Length

# Initialize a Flask app instance
app = Flask(__name__)

# Mock database of users
database = [
    {"id": 1, "username": "cosmo", "password": "space-corgi"}
]

# Define a schema for the login data
class LoginSchema(Schema):
    username = fields.Str(validate=Length(min=1))
    password = fields.Str(validate=Length(min=1))

# Create an instance of LoginSchema
login_schema = LoginSchema()

# Define a route to receive login credentials
@app.route('/login', methods=['POST'])
def login():
    try:
        # Validate and deserialize the input data according to the schema
        data = login_schema.load(request.get_json())
    except ValidationError as err:
        # If validation fails, return an error message and a 400 status code
        return jsonify(error=err.messages), 400

    # Extract username and password from the validated data
    username = data['username']
    password = data['password']

    # Find the user in the mock database
    user = next((user for user in database if user["username"] == username), None)
    
    # Check if the user exists and if the password matches
    if user and user["password"] == password:
        # Login successful
        return jsonify(message="Login successful"), 200
    else:
        # Return an error if the user does not exist or the password is incorrect
        return jsonify(error="Bad username or password"), 401

```

Let's walk through the code to spot the issue and fix it.

### Problem

The `/login` endpoint seems straightforward: it validates the incoming data using `marshmallow`, then checks the credentials against a mock database. However, the code can fail due to a few potential issues:

1. **Missing or invalid JSON payload**: The `request.get_json()` method expects a valid JSON request body. If the client sends an empty or invalid JSON, `request.get_json()` will return `None`, causing an error when `login_schema.load(None)` is executed.
   
2. **Unnecessary reliance on exact JSON keys**: If the JSON payload is missing a field or is structured incorrectly, this could raise unexpected issues.

### Solution

We need to:
- Ensure the request payload is valid and contains JSON.
- Handle the case when `request.get_json()` returns `None`.

### Code Fix

We'll fix these issues by:
1. Checking whether `request.get_json()` returns `None` before proceeding.
2. Adding a fallback if the content type is incorrect or the JSON is invalid.

Here's the updated code:

```py
from flask import Flask, request, jsonify
from marshmallow import Schema, fields, ValidationError
from marshmallow.validate import Length

# Initialize a Flask app instance
app = Flask(__name__)

# Mock database of users
database = [
    {"id": 1, "username": "cosmo", "password": "space-corgi"}
]

# Define a schema for the login data
class LoginSchema(Schema):
    username = fields.Str(validate=Length(min=1), required=True)
    password = fields.Str(validate=Length(min=1), required=True)

# Create an instance of LoginSchema
login_schema = LoginSchema()

# Define a route to receive login credentials
@app.route('/login', methods=['POST'])
def login():
    # Check if the request contains a JSON payload
    if not request.is_json:
        return jsonify(error="Invalid input: Expected JSON data"), 400

    try:
        # Validate and deserialize the input data according to the schema
        data = login_schema.load(request.get_json())
    except ValidationError as err:
        # If validation fails, return an error message and a 400 status code
        return jsonify(error=err.messages), 400
    except Exception as e:
        # Catch any other exceptions that might occur
        return jsonify(error="An error occurred while processing the request"), 500

    # Extract username and password from the validated data
    username = data.get('username')
    password = data.get('password')

    # Find the user in the mock database
    user = next((user for user in database if user["username"] == username), None)
    
    # Check if the user exists and if the password matches
    if user and user["password"] == password:
        # Login successful
        return jsonify(message="Login successful"), 200
    else:
        # Return an error if the user does not exist or the password is incorrect
        return jsonify(error="Bad username or password"), 401
```

### Key Changes:
1. **JSON check**: We added `if not request.is_json` to ensure the request is JSON before processing.
2. **Error handling**: Added a general `except` block to handle unexpected issues gracefully.
3. **Using `.get()` for data extraction**: This provides safer extraction of the username and password without causing a `KeyError` if the fields are missing.

Now, this ensures that the `/login` endpoint gracefully handles invalid requests and only proceeds if the payload is valid JSON.

## Handling the Login Data

You have already made significant progress!

In this task, you'll enhance your Flask app by completing the login endpoint. Your goals are to:

Validate and deserialize the input data using the LoginSchema.
Extract the username and password from the deserialized data.
Check if user is not None and verify if the password matches the stored password.
Are you ready to further sharpen your skills? Let's dive in!

```py
from flask import Flask, request, jsonify
from marshmallow import Schema, fields, ValidationError
from marshmallow.validate import Length

# Initialize a Flask app instance
app = Flask(__name__)

# Mock database of users
database = [
    {"id": 1, "username": "cosmo", "password": "space-corgi"}
]

# Define a schema for the login data
class LoginSchema(Schema):
    username = fields.Str(required=True, validate=Length(min=1))
    password = fields.Str(required=True, validate=Length(min=1))

# Create an instance of LoginSchema
login_schema = LoginSchema()

# Define a route to receive login credentials
@app.route('/login', methods=['POST'])
def login():
    try:
        # TODO: Validate and deserialize the input data according to the schema
        
    except ValidationError as err:
        # If validation fails, return an error message and a 400 status code
        return jsonify(error=err.messages), 400

    # TODO: Extract username from the validated data
    username = 
    # TODO: Extract password from the validated data
    password = 

    # Find the user in the mock database
    user = next((user for user in database if user["username"] == username), None)
    
    # TODO: Check if the user exists and if the password matches
    
        # Response in case the user exists and password matches
        return jsonify(message="Login successful"), 200
    else:
        # Return an error if the user does not exist or the password is incorrect
        return jsonify(error="Bad username or password"), 401

```

You're almost there! Let's complete the Flask `/login` endpoint step by step by implementing the TODOs.

### Steps to Complete:

1. **Validate and deserialize** the input data using `login_schema`.
2. **Extract the username and password** from the validated data.
3. **Check** if the user exists and if the password matches.

Here's the completed code with the missing parts filled in:

```py
from flask import Flask, request, jsonify
from marshmallow import Schema, fields, ValidationError
from marshmallow.validate import Length

# Initialize a Flask app instance
app = Flask(__name__)

# Mock database of users
database = [
    {"id": 1, "username": "cosmo", "password": "space-corgi"}
]

# Define a schema for the login data
class LoginSchema(Schema):
    username = fields.Str(required=True, validate=Length(min=1))
    password = fields.Str(required=True, validate=Length(min=1))

# Create an instance of LoginSchema
login_schema = LoginSchema()

# Define a route to receive login credentials
@app.route('/login', methods=['POST'])
def login():
    try:
        # Validate and deserialize the input data according to the schema
        data = login_schema.load(request.get_json())
    except ValidationError as err:
        # If validation fails, return an error message and a 400 status code
        return jsonify(error=err.messages), 400

    # Extract username from the validated data
    username = data['username']
    # Extract password from the validated data
    password = data['password']

    # Find the user in the mock database
    user = next((user for user in database if user["username"] == username), None)
    
    # Check if the user exists and if the password matches
    if user and user["password"] == password:
        # Response in case the user exists and password matches
        return jsonify(message="Login successful"), 200
    else:
        # Return an error if the user does not exist or the password is incorrect
        return jsonify(error="Bad username or password"), 401

# Run the app if executed directly
if __name__ == "__main__":
    app.run(debug=True)
```

### Explanation:

1. **Data Validation and Deserialization**:
   - The `login_schema.load(request.get_json())` validates the incoming JSON request and checks if both `username` and `password` are non-empty strings.
   - If the validation fails (e.g., missing fields), it throws a `ValidationError`, which is caught and results in a `400 Bad Request` response.

2. **Extracting Credentials**:
   - Once validation succeeds, the data is deserialized into a Python dictionary. We then extract the `username` and `password` fields.

3. **User Lookup and Authentication**:
   - We use the Python `next()` function to find the user in the mock `database`.
   - If the user is found and the password matches, the user is authenticated, and a "Login successful" message is returned with status code `200`.
   - If the user is not found or the password is incorrect, a `401 Unauthorized` response is returned with an appropriate error message.

Now, the login endpoint should work as expected! You can test this with a tool like Postman or Curl, sending a POST request to `/login` with a JSON body containing the `username` and `password`.

## Implement a Signin Endpoint

Well done on making it this far! You've learned the core concepts, and now it's time to showcase your skills.

Your mission is to write a /signin endpoint that>

Accepts POST requests containing JSON payloads with username and password.
Validates the incoming data using Marshmallow.
Authenticates the user credentials against a mock database.
Responds appropriately with:
"Signin successful" and a 200 status code if correct.
An error message and a 400 status code if schema validation fails.
"Bad username or password" and a 401 status code if credentials are incorrect. You can use a function similar to this to find an item in the database.
Python
Copy
item = next((item for item in database if item["key"] == value), None)
Let's see what you can do with this challenge. Good luck!

```py
from flask import Flask, request, jsonify
from marshmallow import Schema, fields, ValidationError
from marshmallow.validate import Length

# Initialize a Flask app instance
app = Flask(__name__)

# Mock database of users
database = [
    {"id": 1, "username": "luna", "password": "moon-cat"}
]

# Define a schema for the signin data
class SigninSchema(Schema):
    username = fields.Str(required=True, validate=Length(min=1))
    password = fields.Str(required=True, validate=Length(min=1))

# Create an instance of SigninSchema
signin_schema = SigninSchema()

# TODO: Define a route to receive signin credentials
# - Create a POST endpoint at '/signin'
# - Validate input using the schema
# - Respond with an appropriate error message and a 400 status code if data validation fails
# - Extract 'username' and 'password' from the validated data
# - Check if the user exists in the database and if the password matches
# - Respond with 'Signin successful' and a 200 status code if the credentials are correct
# - Respond with 'Bad username or password' and a 401 status code if the credentials are incorrect

```

Here's the completed `/signin` endpoint that meets all the requirements of the challenge. We'll use the `marshmallow` library to validate the input and a mock database to authenticate the user.

### Full Solution:

```py
from flask import Flask, request, jsonify
from marshmallow import Schema, fields, ValidationError
from marshmallow.validate import Length

# Initialize a Flask app instance
app = Flask(__name__)

# Mock database of users
database = [
    {"id": 1, "username": "luna", "password": "moon-cat"}
]

# Define a schema for the signin data
class SigninSchema(Schema):
    username = fields.Str(required=True, validate=Length(min=1))
    password = fields.Str(required=True, validate=Length(min=1))

# Create an instance of SigninSchema
signin_schema = SigninSchema()

# Define a route to receive signin credentials
@app.route('/signin', methods=['POST'])
def signin():
    try:
        # Validate and deserialize the input data according to the schema
        data = signin_schema.load(request.get_json())
    except ValidationError as err:
        # If validation fails, return an error message and a 400 status code
        return jsonify(error=err.messages), 400

    # Extract username and password from the validated data
    username = data['username']
    password = data['password']

    # Find the user in the mock database
    user = next((user for user in database if user["username"] == username), None)

    # Check if the user exists and if the password matches
    if user and user["password"] == password:
        # Signin successful
        return jsonify(message="Signin successful"), 200
    else:
        # Return an error if the user does not exist or the password is incorrect
        return jsonify(error="Bad username or password"), 401

# Run the app if executed directly
if __name__ == "__main__":
    app.run(debug=True)
```

### Key Steps:

1. **Validation using Marshmallow**:
   - The `SigninSchema` ensures that the `username` and `password` are non-empty strings.
   - If the validation fails, a `400 Bad Request` response with detailed error messages is returned.

2. **Extracting Data**:
   - Once the input is validated, we extract the `username` and `password` fields from the request.

3. **User Authentication**:
   - We use `next()` to find a user in the mock `database` with the matching username.
   - If the user is found and the password matches, a success message with a `200` status code is returned.
   - If the username or password is incorrect, a `401 Unauthorized` response is returned with the message "Bad username or password".

### Example POST Request:

You can test this with a tool like **Postman** or **cURL** by sending a `POST` request to `/signin` with a JSON payload.

#### Example Request:
```json
{
  "username": "luna",
  "password": "moon-cat"
}
```

#### Example Response (Successful):
```json
{
  "message": "Signin successful"
}
```

#### Example Response (Failed - Wrong Credentials):
```json
{
  "error": "Bad username or password"
}
```

This solution meets all the requirements and ensures proper validation, authentication, and response handling!