CentraleSupélecDépartement informatique
Plateau de Moulon
3 rue Joliot-Curie
F-91192 Gif-sur-Yvette cedex
The authentication and deadline module

The authentification module

The authentication module provides two functionalities:

  • Account creation. Any account is identified by a username and authenticated with a password.
  • User authentication. The verification of the credentials.

When an account is created, username and password are stored to table Login in the Pistus database. For security reasons, the password is stored in hashed form, rather than plain text. To this extent, we'll be using a hashing algorithm that transforms the password into another string that is virtually impossible to transform back to the original string.

👉 We use the Python package passlib to hash a password. The documentation is available on this page.

Account creation

Open file authentication.py.

You need to implement two functions:

  • encrypt_password. It takes in a plain text password and returns the hashed version.
  • create_account. It creates an account with the specified username and password.


Implement the two functions.

👉 When you're done, run file authentication.py to execute the main code. You'll be prompted to enter a username and a password in the Visual Studio Code terminal; these credentials will be then passed to the function create_account.

👉 Verify that the username and password that you entered appear in the table Login (with DB Browser for SQLite).


User authentication

User authentication consists of three steps:

  • the user provides username and password.
  • the password is hashed with the same algorithm used to encrypt it.
  • the hashed password is compared with the hash stored in the database. If the two hashes match, the user is granted access.

User authentication in PistusResa is implemented in function login_correct.

👉 Do you remember? The current implementation of function login_correct only lets in user admin with password Adm1n!


Overwrite the implementation of function login_correct to check whether a given username and password are correct. Follow the instructions in the comments associated to the function.

👉 Execute file pistus.py and log in with the account that you created in the previous question.


The Deadline module

The Deadline module is a background process that is executed as soon as the application PistusResa is opened, and then every 24 hours. At each execution, this module does the following operations:

  • It retrieves the unpaid registrations.
  • It identifies the expired registrations (the registration date is more than 5 days from the current date) and the late registrations (the registration date is less than 5 days from the current date).
  • It removes the expired registrations.
  • It sends a reminder by email to the students who have late registrations.


The playground

Let's learn more about sending emails and starting background processes.

Sending emails

Any application needs to talk to a SMTP server to send an email.

👉 SMTP (Simple Mail Transfer Protocol) is the protocol used by the application to talk to the server.

We have two options:

  • Using a local SMTP server.
  • Using a remote SMTP server.

We use the first option for now.

Open a new terminal in Visual Studio Code and type the following command:

python3 -m aiosmtpd -n

This command starts a SMTP server listening to port 8025 on your computer.

👉 The execution of the command shows no output. Is it normal? Yes, a server is an application that keeps waiting for requests. No need to show any output.

Background process

Leave the SMTP server alone and open file mdeadline_playground.py

The file uses two Python modules:

  • smtplib. Provides the functions to connect to a SMTP server.
  • email. Provides the functions to send emails.

In the definition of function send_email we find, among others, the following instructions:

  • smtplib.SMTP('localhost', 8025). Connection to the local SMTP server. localhost refers to your computer.
  • window.after(5000, send_email). Starts a background process that calls function send_email every 5 seconds.

👉 Read the comments in the file to understand all the instructions.


Run file mdeadline_playground.py and check the output of the SMTP server: it should contain the content of the email sent by the application. Verify that the email is sent every 5 seconds.

👉 No actual email is sent by using the local SMTP server. Disappointed? Hold your horses, at the end of this page you'll find out how to actually send an email with Python.

The deadline module

The deadline module is implemented in file mdeadline.py. The following functions are already implemented (make sure you read the code and the comments anyway):

  • deadline. Returns the payment deadline, given the registration date.
  • deadline_expired. Returns True if the payment deadline has passed, given a registration date.
  • deadline_aproaching. Returns True if the payment deadline is in two days from the current date. This function is used to identify the late registrations, for which an email reminder is necessary.
  • deadline_management_init. Initializes some of the global variables defined in the file. This function is called at the bottom of function open_main_window in file ./gui/mainwindow.py.

The following functions need to be implemented:

  • _unpaid_registrations. It returns all the unpaid registrations.
  • _expired_registrations. It returns all the registrations for which the payment deadline is expired.
  • _late_payment_registrations. It returns the registrations for which the payment deadline is two days from the current date.
  • _remove_expired_registrations. It removes all the expired registrations from the database.
  • _send_late_payment_reminder. It sends an automatic email to all students having late registrations.
  • deadline_management. This is the function that is invoked periodically to do the operations of the deadline module.

By following the instructions written in the comments of file ./mdeadline.py, implement all the functions.

👉 Retrieve the expired and late registrations from the database, note them down somewhere, and only then execute pistus.py to verify that the email reminders are sent to the correct students and the expired registrations are actually removed.


Remote SMTP server

In the previous activity we didn't actually send any email because we used a local SMTP server. If you want to learn how to send an email by using a remote SMTP server, you can read the details in this page.