
Authentication in the Pokédex Web App uses Flask’s built-in server-side session. After a successful login, usuario_id and username are stored in the session cookie, which is signed with the app’s secret key (pokesecretkey123 by default). No external authentication library is required — credentials are verified locally by querying the SQLite usuarios table and running Werkzeug’s check_password_hash against the stored hash.

Login Flow

1. Navigate to /login

Open /login in your browser. The Iniciar Sesión page is rendered with a two-field form (username and password) and a link to /registro for users who do not yet have an account.
2. Enter your username and password

Fill in the Usuario and Contraseña fields. Both are marked required, so the browser will block submission if either is empty.
3. The server verifies your credentials

On POST /login, the server calls Usuario.login(username, password), which:
  • Executes SELECT * FROM usuarios WHERE username = ? against the usuarios table.
  • Passes the stored hash and the supplied plain-text password to werkzeug.security.check_password_hash.
  • Returns a Usuario(id, username) instance on a successful match, or None if the username does not exist or the password is wrong.
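# Requires: from werkzeug.security import check_password_hash
@staticmethod
def login(username, password):
    conn = get_connection()
    # Parameterized query: username is bound to the ? placeholder, never interpolated into the SQL.
    row = conn.execute(
        "SELECT * FROM usuarios WHERE username = ?", (username,)
    ).fetchone()
    conn.close()
    # Compare the supplied password against the stored hash.
    if row and check_password_hash(row["password"], password):
        return Usuario(row["id"], row["username"])
    # Unknown username and wrong password both return None.
    return None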
4. Success — session created and redirected to /

When Usuario.login returns a Usuario object, the server writes two values into the Flask session:
  • session['usuario_id'] — the integer primary key from the usuarios table.
  • session['username'] — the display name string shown in the navigation.
The user is then redirected to the home page (/) via url_for("index").
5. Failure — flash message shown

When Usuario.login returns None, the server flashes the message “Usuario o contraseña incorrectos” (category: error) and re-renders /login so the user can try again. No lockout or rate-limiting is applied.

Logout Flow

Logging out requires no form submission: a GET request to /logout (for example, from clicking a Logout link that points to /logout) is enough. The server calls session.clear(), which removes all session keys including usuario_id and username, then redirects to the home page (/).
GET /logout  →  session.clear()  →  302 redirect to /
After logout, any attempt to visit a protected route will redirect back to /login.

Session Data Reference

| Key | Type | Value |
| --- | --- | --- |
| session['usuario_id'] | int | Auto-incremented primary key from the usuarios table. Used to scope team and Pokédex data to the current user. |
| session['username'] | str | Plain-text username as stored in the database. Displayed in the UI. |

Protected Routes

The following routes check for an active session before serving content. Unauthenticated requests receive a 302 redirect to /login:

My Pokédex

GET /mi-pokedex — Lists every Pokémon the logged-in user has viewed on their detail page. Automatically tracked when you visit /pokemon/<nombre> while signed in.

My Team

GET /equipo — Displays the current user’s saved team of up to six Pokémon.

Add to Team

GET /equipo/agregar/<pokemon_id>/<nombre>/<imagen>/<tipos> — Adds a Pokémon to the current user’s team. Requires an active session; otherwise redirected to /login.

Remove from Team

GET /equipo/eliminar/<pokemon_id> — Removes a Pokémon from the current user’s team. Requires an active session; otherwise redirected to /login.
The default secret key pokesecretkey123 is hardcoded in application.py. This key is used to sign the session cookie — anyone who knows it can forge session data. You must change it before deploying to production. See the Installation guide for instructions.
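
One way to replace the hardcoded key with a value read from the environment and to fail closed when it is missing, short, or still the published default. This is an added example, not code from the project: the variable name POKEDEX_SECRET_KEY, the 32-byte minimum and the function names are assumptions, while the SESSION_COOKIE_* names are standard Flask config keys.

```python
import secrets

# Default documented on this page. It is public, so it must never sign real sessions.
KNOWN_DEFAULT_KEY = "pokesecretkey123"
ENV_VAR = "POKEDEX_SECRET_KEY"  # assumption: variable name chosen for this example
MIN_KEY_BYTES = 32              # assumption: minimum length policy for this example


class InsecureSecretKey(RuntimeError):
    """Raised at startup so the app never serves requests with a weak key."""


def key_problem(key):
    """Return why `key` is unfit to sign session cookies, or None if acceptable."""
    if not key:
        return "not set"
    if key == KNOWN_DEFAULT_KEY:
        return "is the published default"
    if len(key.encode("utf-8")) < MIN_KEY_BYTES:
        return "shorter than %d bytes" % MIN_KEY_BYTES
    return None


def generate_secret_key():
    """64 hex characters from the OS CSPRNG, suitable as the ENV_VAR value."""
    return secrets.token_hex(32)


def hardened_session_config(environ):
    """Build the Flask config values for the session cookie, or fail closed."""
    key = environ.get(ENV_VAR, "")
    problem = key_problem(key)
    if problem:
        raise InsecureSecretKey("%s %s" % (ENV_VAR, problem))
    return {
        "SECRET_KEY": key,
        "SESSION_COOKIE_HTTPONLY": True,   # cookie not readable from page JavaScript
        "SESSION_COOKIE_SECURE": True,     # cookie sent over HTTPS only
        "SESSION_COOKIE_SAMESITE": "Lax",  # cookie withheld from cross-site subrequests and POSTs
    }


if __name__ == "__main__":
    # Constructed environment for the demo; in application.py this would be
    # app.config.update(hardened_session_config(os.environ)).
    demo_env = {ENV_VAR: generate_secret_key()}
    print(sorted(hardened_session_config(demo_env)))
    print(key_problem(KNOWN_DEFAULT_KEY))
```

Changing the key invalidates every session cookie signed with the old one, so existing users have to log in again after the switch.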
