chapter 18 listings done

Author: hjwp

chapter_18_spiking_custom_auth.asciidoc

@@ -29,43 +29,49 @@ account on the site.  So, without further ado, let's dive into authentication.
 ((("passwords")))
 Naturally we're not going to mess about with remembering passwords
 ourselves--besides being 'so' '90s, secure storage of user passwords is a
-security nightmare we'd rather leave to someone else.  We'll use something
-fun called passwordless auth instead.
+security nightmare we'd rather leave to someone else.
+We'll use something fun called passwordless auth instead.
 
-(If you 'insist' on storing your own passwords, Django's default auth
-module is ready and waiting for you. It's nice and straightforward, and I'll
-leave it to you to discover on your own.)
+(If you 'insist' on storing your own passwords,
+Django's default auth module is ready and waiting for you.
+It's nice and straightforward, and I'll leave it to you to discover on your own.)
 
 
 [role="pagebreak-before less_space"]
 === Passwordless Auth
 
+//TODO: this is called "magic links" these days,
+// this section probably needs an update
+
 
 ((("authentication", "passwordless")))
 ((("Oauth")))
 ((("Openid")))
 What authentication system could we use to avoid storing passwords ourselves?
-Oauth?  Openid?  "Login with Facebook"?   Ugh.  For me those all have
-unacceptable creepy overtones; why should Google or Facebook know what sites
-you're logging into and when?
+Oauth?  Openid?  "Login with Facebook"?   Ugh.
+For me those all have unacceptable creepy overtones;
+why should Google or Facebook know what sites you're logging into and when?
 
 In the first edition I used an experimental project called "Persona",
-cooked up by a some of the wonderful techno-hippy-idealists at Mozilla, but
-sadly that project was abandoned.
+cooked up by a some of the wonderful techno-hippy-idealists at Mozilla,
+but sadly that project was abandoned.
 
 Instead I've found a fun approach to authentication that goes by the name
 of "Passwordless", but you might call it "just use email".
 
-The system was invented by someone annoyed at having to create
-new passwords for so many websites, who found himself just using random,
-throwaway passwords, not even trying to remember them, and using the
-"forgot my password" feature whenever he needed to log in again. You can
+The system was invented (or at least popularised) back in 2014
+by someone annoyed at having to create new passwords for so many websites.
+They found themselves just using random, throwaway passwords,
+not even trying to remember them, and using the "forgot my password" feature
+whenever he needed to log in again.
+You can
 https://medium.com/@ninjudd/passwords-are-obsolete-9ed56d483eb#.cx8iber30[read
 all about it on Medium].
 
-The concept is:  just use email to verify someone's identity.  If you're
-going to have a "forgot my password" feature, then you're trusting email
-anyway, so why not just go the whole hog?  Whenever someone wants to log in,
+The concept is:  just use email to verify someone's identity.
+If you're going to have a "forgot my password" feature,
+then you're trusting email anyway, so why not just go the whole hog?
+Whenever someone wants to log in,
 we generate a unique URL for them to use, email it to them, and they then
 click through that to get into the site.
 
@@ -894,14 +900,20 @@ unless you absolutely must,
 so a user model that records an email address and nothing else
 sounds good to me!
 
-By now I'm sure you can manage to create the tests folder and its pass:[<em>__init__.py</em>],
-remove _tests.py_, and then add a _test_models.py_ to say:
+Let's start straight away with a tests folder instead of _tests.py_
+in this app:
 
+[subs=""]
+----
+$ <strong>rm src/accounts/tests.py</strong>
+$ <strong>mkdir src/accounts/tests</strong>
+$ <strong>touch src/accounts/tests/__init__.py</strong>
+----
 
-// TODO: l022 doesnt work with dofirst because it has two files in,
-// change to separate commits for __init__ and model or somefink
+And now let's add add a _test_models.py_ to say:
 
-[role="sourcecode dofirst-ch18l022"]
+
+[role="sourcecode"]
 .src/accounts/tests/test_models.py (ch18l023)
 ====
 [source,python]
@@ -922,6 +934,7 @@ class UserModelTest(TestCase):
 
 That gives us an expected failure:
 
+[role=""]
 ----
 django.core.exceptions.ValidationError: {'password': ['This field cannot be
 blank.'], 'username': ['This field cannot be blank.']}
@@ -937,6 +950,7 @@ Password?  Username?  Bah!  How about this?
 ----
 from django.db import models
 
+
 class User(models.Model):
     email = models.EmailField()
 ----
@@ -971,6 +985,7 @@ Now when we run our tests, Django complains
 that our custom user model is missing a couple of bits of metadata:
 
 
+[role="ignore-errors"]
 [subs="specialcharacters,macros"]
 ----
 $ pass:quotes[*python src/manage.py makemigrations*]
@@ -996,6 +1011,7 @@ Here you go:
 ----
 class User(models.Model):
     email = models.EmailField()
+
     REQUIRED_FIELDS = []
 ----
 ====
@@ -1023,7 +1039,7 @@ class User(models.Model):
     email = models.EmailField()
 
     REQUIRED_FIELDS = []
-    USERNAME_FIELD = 'email'
+    USERNAME_FIELD = "email"
     is_anonymous = False
     is_authenticated = True
 ----
@@ -1033,6 +1049,7 @@ class User(models.Model):
 And now we get a slightly different error:
 
 
+[role="ignore-errors"]
 [subs="specialcharacters,macros"]
 ----
 $ pass:quotes[*python src/manage.py makemigrations*]
@@ -1118,16 +1135,16 @@ it would be better to have a specific test:
 [source,python]
 ----
     def test_email_is_primary_key(self):
-        user = User(email='[email protected]')
-        self.assertEqual(user.pk, '[email protected]')
+        user = User(email="[email protected]")
+        self.assertEqual(user.pk, "[email protected]")
 ----
 ====
 
 It'll help us remember if we ever come back and look at the code again
 in future:
 
 ----
-    self.assertEqual(user.pk, '[email protected]')
+    self.assertEqual(user.pk, "[email protected]")
 AssertionError: None != '[email protected]'
 ----
 
@@ -1240,7 +1257,7 @@ AttributeError: 'Token' object has no attribute 'uid'. Did you mean: 'id'?
 
 Eventually you should get to this code...
 
-[role="sourcecode"]
+[role="sourcecode dofirst-ch18l038-1"]
 .src/accounts/models.py (ch18l038)
 ====
 [source,python]
@@ -1290,6 +1307,7 @@ And, perhaps with a bit more wrangling of migrations,
 that should get us to passing tests:
 
 
+[role="dofirst-ch18l041"]
 [subs="specialcharacters,quotes"]
 ----
 $ *python src/manage.py test accounts*

source/chapter_18_spiking_custom_auth/superlists

@@ -202,7 +202,7 @@ def patch_from_commit(self, commit_ref, path=None):
 
     def tidy_up_after_patches(self):
         # tidy up any .origs from patches
-        self.sourcetree.run_command('find . -name "*.orig" -exec rm {} \\;')
+        self.run_command('find . -name "*.orig" -exec rm {} \\;')
 
     def apply_listing_from_commit(self, listing):
         commit_spec = self.get_commit_spec(listing.commit_ref)

tests/sourcetree.py

@@ -5,21 +5,21 @@
 
 
 class Chapter18Test(ChapterTest):
-    chapter_name = 'chapter_18_spiking_custom_auth'
-    previous_chapter = 'chapter_17_second_deploy'
+    chapter_name = "chapter_18_spiking_custom_auth"
+    previous_chapter = "chapter_17_second_deploy"
 
     def test_listings_and_commands_and_output(self):
         self.parse_listings()
 
         # sanity checks
         # self.assertEqual(self.listings[0].type, 'other command')
-        self.assertEqual(self.listings[1].type, 'code listing with git ref')
-        self.assertEqual(self.listings[2].type, 'other command')
-        #self.assertTrue(self.listings[88].dofirst)
+        self.assertEqual(self.listings[1].type, "code listing with git ref")
+        self.assertEqual(self.listings[2].type, "other command")
+        # self.assertTrue(self.listings[88].dofirst)
 
         # skips
-        self.skip_with_check(28, 'switch back to main') # comment
-        self.skip_with_check(30, 'remove any trace') # comment
+        self.skip_with_check(28, "switch back to main")  # comment
+        self.skip_with_check(30, "remove any trace")  # comment
 
         # prep
         self.start_with_checkout()
@@ -28,31 +28,21 @@ def test_listings_and_commands_and_output(self):
         # hack fast-forward
         skip = False
         if skip:
-            self.pos = 39
-            self.sourcetree.run_command('git checkout {0}'.format(
-                self.sourcetree.get_commit_spec('ch15l020')
-            ))
+            self.pos = 38
+            self.sourcetree.run_command(
+                "git checkout {}".format(self.sourcetree.get_commit_spec("ch18l020"))
+            )
 
         while self.pos < len(self.listings):
             print(self.pos)
             self.recognise_listing_and_process_it()
 
         self.assert_all_listings_checked(self.listings)
-        # fix incomplete moves from dofirst-ch14l019
-        # self.sourcetree.run_command('git rm lists/static/base.css')
-        # self.sourcetree.run_command('git rm -r lists/static/bootstrap')
-        # self.sourcetree.run_command('git rm lists/static/tests/qunit.css')
-        # self.sourcetree.run_command('git rm lists/static/tests/qunit.js')
-
-        # and from the diff-version of settings.py
-        # self.sourcetree.run_command('rm superlists/settings.py.orig')
-
-        self.sourcetree.tidy_up_after_patches()
 
         # and do a final commit
         self.sourcetree.run_command('git add . && git commit -m"final commit"')
-        self.check_final_diff(ignore=["Generated by Django 1.11"])
+        self.check_final_diff(ignore=["Generated by Django 4.2"])
 
 
-if __name__ == '__main__':
+if __name__ == "__main__":
     unittest.main()