Blog postings

Django and email verification · by mark | 26 Feb 2022, 9:02 p.m.

I had a fun (or, more correctly, "fun") time getting email verification set up on this website. Django's default auth mechanism will create an active account on demand but I want to add web features that let users send mail to themselves. So to avoid someone scripting ten million spams through this website I need to ensure users' emails are genuine. 

Basically I wanted a two step registration flow: create an account, and then click on a link to prove the email is actually yours. 

There are django apps that already do this but I wanted to roll my own. Also having based this site off the standard auth package it is not just a case of "download this new app" as there are already links between auth and everything else. Transplanting another app in is more pain than figuring out how to jam in two step registration to the current auth flow. 

First step is to amend the current flow so that all new accounts are created in an unusable state. This was quite straightforward in the end as I already had a custom user model with a very lightweight sign up view. You go to http://www.rkdouglas.co.uk/accounts/signup/ and this view renders a template with a form in it. You fill in the form and press the button and a user account is created. What happened here was I hijacked the form_valid method; this is the thing that saves the new user. I set the user's is_active property to False and save it. The is_active flag comes from the standard auth models; actually removing users from the database can cause problems so "deleting" means "mark inactive". So the new user is created but the standard active checks will mean they cannot do anything like log in. They are then redirected to a template that says "yo check your mail son".

Second step was to actually send the mail. This was the pain. Well, not sending an email; that is easy. It is creating the one time link that is the pig. 

I needed a destination first of all. I made a user activation view that was subclassed from template view. This looked for two URL parameters, the UID being activated and the activation token. For now the view just spat out the two URL params. 

Now I needed to fabricate the link to send. Again standard auth helps. It already does this for password reset requests using a token generator. So I borrowed this using a different hash. This can be stuffed into the URL. 

Email is then template driven. 

Final thing was to build the logic that tests whether the token is right. The token generator also validates tokens which is neat. If it is valid then you mark the account as active. Now the log in works. Hooray!
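The flow described above, as an added sketch that is not this site's code and not Django's own: it uses only the standard library to show why such a link is unforgeable, expires and works once. `User`, `SECRET`, `MAX_AGE` and the choice to bind `is_active` into the hash are assumptions made for illustration.

```python
import base64, hashlib, hmac, time
from dataclasses import dataclass

SECRET = b"constructed-demo-secret"   # assumption: stands in for the site's secret key
MAX_AGE = 3 * 24 * 3600               # assumption: links expire after three days

@dataclass
class User:                           # hypothetical stand-in for the custom user model
    pk: int
    email: str
    is_active: bool = False           # new accounts start unusable

def _sign(user, ts):
    # Binding is_active into the MAC makes the link single-use: once the
    # account is activated, the recomputed MAC no longer matches the token.
    msg = f"activation|{user.pk}|{user.email}|{user.is_active}|{ts}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:32]

def make_link_parts(user, now=None):
    """Return the (uid, token) pair that goes into the emailed URL."""
    ts = int(time.time() if now is None else now)
    uid = base64.urlsafe_b64encode(str(user.pk).encode()).decode()
    return uid, f"{ts:x}-{_sign(user, ts)}"

def activate(users, uid, token, now=None):
    """Activate the account and return True only for a valid, fresh token."""
    now = int(time.time() if now is None else now)
    try:
        user = users[int(base64.urlsafe_b64decode(uid.encode()).decode())]
        ts_hex, mac = token.split("-")
        ts = int(ts_hex, 16)
    except (ValueError, KeyError):    # malformed uid or token, or unknown user
        return False
    # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
    if not hmac.compare_digest(mac.encode(), _sign(user, ts).encode()):
        return False
    if now - ts > MAX_AGE:            # link is too old
        return False
    user.is_active = True
    return True
```

A replayed link fails because the stored state it was signed over has changed, so no separate table of used tokens is needed.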

 

Webdev is a disaster · by mark | 16 Feb 2022, 11 p.m.

I started writing code in the 1980s. The platform was an Amiga 500, with an entire 512KB of RAM; the language was Microsoft Basic. I could just about render a pixel and move it. I was also still at primary school. What did you do at primary? Have your mum called after your gym plimsoll somehow ended up full of liquid? Once I realised I could make this machine do whatever I wanted, once I figured out what arcane incantations were needed, I was hooked. Add up all numbers from 1 to 100 in the blink of an eye? Yep! (This was before I learned about Gauss' trick: 1 + 2 + ... + 99 + 100 = (1 + 100) + (2 + 99) + ... = 50 x 101 = 5050)

Soon I find myself with a 486 and a copy of Yggdrasil Linux. And a tome called 'teach yourself C'. Before long I was shuffling pointers to structs around. Occasionally they worked. Ended up getting paid to write Fortran using MPI on big grids before I did a career change. Even saw something that began CBL CICS for my sins. 

Now I am here cranking out Python on websites. Boy.

Everything is a framework. Can't even spin up a website any more without learning about pushing to some remote git repository and configuring a deployment script. There will be errors. You will try to google them. You will get four hundred half hearted blog posts that tell you that what you typed will work. You can try asking on stack overflow but you will get told it is a duplicate question, the duplicate being asked in 2014 (essentially the neolithic) and not actually answered. I had a website in the late 90s. It was Notepad and FTP. Any idiot could, and did, make websites back then; that was the point. 

Documentation is extremely poor. You get lists of object methods which give no idiomatic examples of usage. You hack it to work somehow and then it turns out you are writing like an idiot and all of your user data is exposed to people called Sergey who are trying to find cycles to mine cryptocurrency. Guides, such as they are, are garbage blog posts or, worse, blog posts masquerading as static web pages that are a billion versions out of date. 

Packages. Modules. Do you use pip or brew or rpm or bbq to download all these zillion plugins you need to make anything work? It is acceptable to require every page to download 2MB of scripts and stylesheets just to render a cat picture. It's obscene. You used to get entire software suites in that space that did useful stuff! 

Javascript is a continued disaster area. Maniacally deranged type casting rules and you can never tell what a given expression will do without advanced knowledge of the runtime state. I much prefer it when an int is an int and if it overflows it is on you. 

It's quite satisfying when it works. I should've picked up Fortran for GPUs instead though. Prettier. 

 

 

I quite like this Wordle thing · by mark | 29 Jan 2022, 8:17 a.m.

Although can be tense!

Wordle 224 4/6

⬛🟦⬛⬛⬛
⬛🟧🟧⬛🟧
⬛🟧🟧🟧🟧
🟧🟧🟧🟧🟧

 

Went a bit further today · by mark | 29 Jan 2022, 8:16 a.m.

Here is Pegwell at sunrise!

 

More of my cats · by mark | 23 Jan 2022, 4:38 p.m.

This is Misu and Cosmos, caught in flagrante