WEBVTT

00:00.590 --> 00:08.480
Okay, finally, it's time that we're gonna have a live debut of this Remember Me feature we've been

00:08.480 --> 00:12.590
cooking for the last 30 or 40 minutes.

00:12.800 --> 00:15.020
Let's begin by changing the form.

00:17.360 --> 00:25.730
This is a create form inside the auth folder, and that's our placeholder for a Remember Me feature.

00:26.360 --> 00:33.230
Let's add it, then start with a label for the remember field.

00:33.350 --> 00:37.040
And we're going to wrap the input with the label.

00:37.070 --> 00:40.850
The input is of type checkbox.

00:42.140 --> 00:43.370
The ID is

00:43.370 --> 00:46.340
remember, needs to be the same as this for attribute.

00:46.340 --> 00:53.120
So it can be activated when the label is clicked, and the name is

00:53.120 --> 00:54.470
also remember.

00:57.380 --> 01:05.150
Let's self-close and add the Remember Me text.

01:05.630 --> 01:10.880
Okay, so this looks terrible and my suggestion would be to just ignore that.

01:10.910 --> 01:14.540
We can restyle this app a little later.

01:14.540 --> 01:17.030
So I don't think we should focus on this right now.

01:17.030 --> 01:29.120
Let's just close it and go back to the auth class or more specifically to auth controller as that's

01:29.120 --> 01:30.710
the first point.

01:31.580 --> 01:31.910
Okay.

01:31.940 --> 01:34.700
So we've got the email, the password.

01:34.730 --> 01:38.000
We are missing the remember setting.

01:39.770 --> 01:47.600
So here we should either get the remember token if it's present.

01:47.690 --> 01:52.970
So maybe we can first verify if it was sent.

01:53.630 --> 02:02.000
So if there is a Remember token set, we're going to use a ternary operator.

02:03.110 --> 02:06.770
Then we get the remember token.

02:06.800 --> 02:08.990
Otherwise we set to false.

02:10.010 --> 02:13.160
Maybe we can also cast this to boolean.

02:16.430 --> 02:16.580
Yeah.

02:16.580 --> 02:18.140
Let's see what's the value actually.

02:18.140 --> 02:24.500
So let me var dump the remember value.

02:27.470 --> 02:30.050
I'm going to type any data in here.

02:30.050 --> 02:33.440
And yeah I need to also die.

02:33.470 --> 02:37.430
So we are just testing what will be sent. Okay.

02:37.460 --> 02:44.270
So if we don't check it then we have a boolean.

02:44.270 --> 02:47.120
This seems fine.

02:48.140 --> 02:50.420
Um, let me jump back.

02:50.450 --> 02:54.680
And if I select this check box I'm getting true.

02:54.710 --> 02:58.970
So this is perfectly fine what we expect.

02:59.810 --> 03:07.400
And this value would be used for the auth attempt which should have another argument.

03:08.330 --> 03:17.990
So this next argument would be the boolean remember which is defaulting to false.

03:17.990 --> 03:22.430
So we don't break any existing code. Okay.

03:22.430 --> 03:31.820
So in this attempt method we mark the user as being signed in, regenerating the session, setting the user

03:31.820 --> 03:36.140
ID on the session and we should do something else.

03:36.680 --> 03:48.140
So if the remember token is expected, we additionally use the Remember Me class static method.

03:48.590 --> 03:56.120
And I think we should call create token for this user.

03:57.710 --> 04:00.290
I'm not sure if this would be an integer.

04:00.500 --> 04:02.960
We can see later on anyway.

04:03.290 --> 04:07.190
This just does everything that's required.

04:07.190 --> 04:08.720
So a quick reminder.

04:09.050 --> 04:11.270
Storing a token in a database.

04:11.780 --> 04:14.900
Setting a cookie and returning the token.

04:15.080 --> 04:21.320
We might not need this token inside the auth class, but we definitely need to create it.

04:23.930 --> 04:28.250
Then we should definitely do something when we log out.

04:28.640 --> 04:30.980
So we destroy the session.

04:30.980 --> 04:33.020
We reset the user.

04:33.050 --> 04:36.830
That is just a static property on this class.

04:37.070 --> 04:42.530
But additionally we should start with clearing the token.

04:43.130 --> 04:48.650
So this Remember Me class has a clear token method.

04:49.790 --> 04:50.690
It is simple.

04:50.690 --> 04:57.890
It's not deleting all possible tokens for that user, as user might have many on different devices.

04:58.310 --> 05:03.500
It's just checking inside, let's say the current session.

05:03.500 --> 05:07.760
Current browser session for the token cookie.

05:07.910 --> 05:09.980
If there is a cookie,

05:10.370 --> 05:15.380
it tries to find a token that would be valid, because invalid tokens,

05:15.500 --> 05:17.990
well, we don't need to worry about them.

05:17.990 --> 05:24.260
We might want to remove them after some time, but we definitely don't need to worry about them because

05:24.260 --> 05:26.240
they are expired.

05:26.330 --> 05:35.540
And if it finds a token in a database, it is deleting it and then it's removing the cookie, thus forgetting

05:35.540 --> 05:36.470
the token.

05:37.580 --> 05:40.910
That definitely needs to happen when we sign out.

05:41.690 --> 05:47.090
And here we also got this user method.

05:47.300 --> 05:51.530
So currently it is relying on the session.

05:51.980 --> 06:01.520
But we also have this remember token, and it exists for that very reason that user might have an expired

06:01.520 --> 06:04.610
session after a couple of hours of inactivity.

06:04.940 --> 06:13.400
So also here we need to check if maybe the user has a cookie and we can fetch the current user using

06:13.400 --> 06:15.320
this Remember Me token.

06:16.310 --> 06:18.560
So let's jump to Remember Me class again.

06:18.560 --> 06:22.340
And we have this validate token method.

06:22.490 --> 06:24.320
We enlarge the code editor.

06:24.590 --> 06:27.920
Let me see if we have used this anywhere.

06:27.950 --> 06:31.130
Now it is just defined. Okay, you know what.

06:31.130 --> 06:37.070
Since this is returning a user I'm not sure this should be called validate token.

06:38.300 --> 06:44.900
It maybe should just be called user because it knows what it needs to do.

06:45.170 --> 06:47.640
It's not accepting any arguments.

06:47.640 --> 06:57.180
It's getting data from the cookie and it is fetching the user from the database if there is a cookie.

06:59.430 --> 07:04.440
So that's an alternative to what we are doing right here.

07:07.350 --> 07:19.680
And this means that if we cannot get the user ID from the session, another way we can do is to try

07:19.680 --> 07:24.630
and get the user from the Remember Me token.

07:25.290 --> 07:32.430
Okay, so since here we are checking if the user ID is set and if it is in the session,

07:32.430 --> 07:37.260
we are trying to find the user inside the database or we return null.

07:37.380 --> 07:44.070
This other condition can actually be remember me user.

07:45.290 --> 07:49.070
So we prefer a session that is our first choice.

07:49.070 --> 07:56.900
But if there is no one in the session or we can't find the user from the session, we try using the

07:56.900 --> 08:04.610
Remember Me token, which as we can see, will either return the found user looking at the cookie,

08:05.030 --> 08:12.920
then a token in the database and then fetching the user with this given remember token or well, it

08:12.920 --> 08:18.680
will just return null, which aligns perfectly with our logic right here.

08:18.680 --> 08:23.690
I can reformat that so it is clear what's happening.

08:23.720 --> 08:27.440
And then we always return static user.

08:29.480 --> 08:31.010
So it wasn't very complicated.

08:31.010 --> 08:39.530
And I think we added this remember me functionality at least theoretically, because obviously now it's

08:39.530 --> 08:40.760
the hardest part.

08:40.760 --> 08:43.370
We need to see if it works.

08:45.720 --> 08:53.100
So first let me open the terminal and let's make sure we updated the schema.

08:54.600 --> 08:57.840
So we've got the okay schema load.

08:59.040 --> 09:00.210
It's updated.

09:00.240 --> 09:02.370
Let me verify this.

09:03.750 --> 09:07.380
That's database block SQLite.

09:07.410 --> 09:10.140
I should see another table.

09:10.140 --> 09:12.630
You might refresh if you don't see it.

09:13.770 --> 09:19.290
So there we have a Remember Tokens table.

09:20.130 --> 09:22.530
Let me jump to remember token.

09:22.560 --> 09:26.340
If the table name is right that's remember tokens.

09:26.340 --> 09:29.610
So far everything is going fine.

09:30.120 --> 09:36.330
So I think that our next step should be to test that.

09:37.800 --> 09:42.020
So I think I need a bigger browser window.

09:42.050 --> 09:53.150
We need to see at least if I will be able to sign in, if the cookie would be created, if the remember

09:53.180 --> 10:02.450
token would be created, then we're gonna try somehow to reset the session and we'll see if I will be

10:02.450 --> 10:03.530
still authenticated,

10:03.530 --> 10:07.460
thanks to this cookie and the token stored in the database.

10:08.120 --> 10:15.050
So simulating this process probably wouldn't be too easy and can take some time.

10:15.500 --> 10:17.030
A little bit of manual work.

10:17.060 --> 10:22.700
I think it will also be useful to just figure out how all of those things work.

10:22.730 --> 10:27.710
That's why, um, we've prepared ourselves the best we can.

10:27.710 --> 10:36.530
And let's now take a short break before the final boss, which is verifying if everything works

10:36.530 --> 10:37.310
perfectly.

10:37.340 --> 10:40.130
We see each other in a couple of seconds.
