Blog postings

Spring and the Bluebell Woods · by mark | 24 Apr 2022, 9:41 p.m.

One of the signs of spring I look out for is the carpet of bluebells you get in some woods around here. Usually a sign that the cold days of winter are well behind us. Where I'm originally from the equivalent is the saying "cast ne'er a cloot until May be oot" - "Never throw away clothing until the May trees [hawthorns] are flowering". Bluebells are prettier. 
 

Bluebell woods in spring

 

coronavirus update · by mark | 5 Apr 2022, 8:12 a.m. (updated 12 May 2022, 7:07 a.m.)

When will this end urgh

only had mild symptoms; fatigue and coughing the worst. But fatigue was baaaaad man

Don't worry folks, I edited this post to tell you these are all negative now

 

I updated my dumb payslip reconciler · by mark | 2 Apr 2022, 2:52 p.m.

I updated by payslip checking thing to work with 2022/23 numbers. I thought this would be a straightforward thing, but turns out there is not. His Holiness Sunak decided to have two Primary Thresholds apply in one tax year, so I had to change the backend as well as just squirting some more parameters into the database. (If you don't know what the PT is - this is the number above which you start paying National Insurance via PAYE). 

Now I am not doing proper payroll calcs so this is all on the 30/360 day count convention instead of the Actual/Actual with rounding that is done in practice. But the PT thing has two effects. Means there is an awkward branch in a view. And also is a sign of the fact that the guys in charge hadn't planned this. For if they have, they'd have put it in with the start of the tax year. 

The PT change was signposted far in advance. Supposedly to give the payroll guys time to put it in properly. I managed to jam it into this terrible website in about an hour, and most of that was dealing with the fixture holding the 2022/23 rates and thresholds rather than coding (ten line change in Python to determine if we are in a special year, and if so do a special calc for the special months). I reckon the professional payroll software people could have put this in within minutes. 

 

Weather interrupting my run schedule · by mark | 8 Mar 2022, 11:24 a.m. (updated 12 May 2022, 7:09 a.m.)

My trainers won't grip in this

This is a view of the Meradalir flow

 
    deleted comment
    deleted comment
    deleted comment

Django and email verification · by mark | 26 Feb 2022, 9:02 p.m.

I had a fun (or, more correctly, "fun") time getting email verification set up on this website. Django's default auth mechanism will create an active account on demand but I want to add web features that let users send mail to themselves. So to avoid someone scripting ten million spams through this website I need to ensure users' emails are genuine. 

Basically I wanted a two step registration flow: create an account, and then click on a link to prove the email is actually yours. 

There are django apps that already do this but I wanted to roll my own. Also having based this site off the standard auth package it is not just a case of "download this new app" as there are already links between auth and everything else. Transplanting another app in is more pain than figuring out how to jam in two step registration to the current auth flow. 

First step is to amend the current flow so that all new accounts are created in an unusable state. This was quite straightforward in the end as I already had a custom user model with a very lightweight sign up view. You go to http://www.rkdouglas.co.uk/accounts/signup/ and this view renders a template with a form in it. You fill in the form and press the button and a user account is created. What happened here was I hijacked the form_valid method; this is the thing that saves the new user. I set the user's is_active property to False and save it. This is from the standard auth models; actually removing users from the database can cause problems so "deleting" means "mark inactive". So the new user is created but the standard active checks will mean they cannot do anything like log in. They are then redirected to a template that says "yo check your mail son"

Second step was to actually send the mail. This was the pain. Well not sending an email that is easy. It is creating the one time link that is the pig. 

I needed a destination first of all. I made a user activation view that was subclassed from template view. This looked for two URL parameters, the UID being activated and the activation token. For now the view just spat out the two URL params. 

Now I needed to fabricate the link to send. Again standard auth helps. It already does this for password reset requests using a token generator. So I borrowed this using a different hash. This can be stuffed into the URL. 

Email is then template driven. 

Final thing was to build the logic that tests whether the token is right. The token generator also validates tokens which is neat. If it is valid then you mark the account as active. Now the log in works. Hooray!