2024-11-14-Thursday
created: 2024-11-14 05:36 tags: - daily-notes
Thursday, November 14, 2024
Goal
- [ ] Update the password reset workflow to handle expired password verification links (and close out password reset issue).
Results
- Updated the Django Views within the Accounts App
Next Time
- Finish fixing the password reset issue
Notes
Back to resolving this issue with expired links on the password_reset_confirm.html Django Template:
--redacted--
I created a Django View to help render the password reset confirm page via CustomPasswordResetConfirmView in accounts/views.py but it didn't seem to be referenced. This was because I was automatically using Django's built-in views and routing to them in my config/urls.py file under path('accounts/', include('django.contrib.auth.urls')), so I wasn't even accessing my custom Django View. I decided to remove that line entirely and explicitly handle all of the user auth views for logging in, signing up, resetting passwords, etc. by adding the Django Routes to the accounts/urls.py file / Django Views to the accounts/views.py file.
Then, I needed to override the dispatch method of the built-in PasswordResetConfirmView Django View to manually validate the CSRF Token. I would have liked to use a more elegant check for a valid form by overriding the form_invalid function, however given the order that the page is visited and the token is validated, I don't think this is a possibility. Specifically, ChatGPT says that:
The form_invalid method isn't being triggered in your case because form_invalid only runs if the submitted form fails validation. However, in your PasswordResetConfirmView, the form isn't even shown if the token is invalid - it's failing before that step in the dispatch flow.
I then updated the Django Template for the password_reset_confirm.html to only display an error message (and not the rest of the HTML) if there is an invalid reset password link. The result looks like the following:
--redacted--
Much nicer. Now I can push these changes to Production and finally close out the Password Reset Functionality Issue and remove the following comment:
### LEFT OFF HERE 06/21/2022 ###
I pushed changes to Production. And then I got a 500 Response Error when trying to navigate to dimmin.com. I was able to identify the issue using the Heroku CLI via
heroku login
heroku logs
This showed me what was causing the 500 Response Error, specifically it said:
2024-11-14T14:52:27.059302+00:00 app[web.1]: django.urls.exceptions.NoReverseMatch: Reverse for 'logout' not found. 'logout' is not a valid view function or pattern name.
Turns out I forgot to add the logout Django View and Django Template. That was a pretty easy fix but it was a little scary to see the site go down like that. I was already getting started on the next issue. Then I found out that every password reset link was invalid... Dammit.
Found out that the reason I couldn't use form_invalid or form_valid was because I wasn't actually reading in the token in my Django Route, specifically the dispatch didn't have the actual token as a kwarg, instead it only included the following:
{'uidb64': 'MQ', 'token': 'set-password'}
So it was checking if the string 'set-password' was the valid token which it wasn't. When I manually entered the token from the link into that field it did validate. I'm trying to check for this automatic validation in the Django Template itself, but for some reason I just can't get it to render.
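The two-request flow behind the {'uidb64': 'MQ', 'token': 'set-password'} kwargs, as an added example that is not part of the original notes and not Django's own code: a standard-library model in which the first request validates the real token, stores it in the session and redirects to a URL that carries only the set-password placeholder. The HMAC token format, secret and one-hour timeout are constructed assumptions; the placeholder and session key follow Django's PasswordResetConfirmView.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"    # constructed value, stands in for SECRET_KEY
RESET_URL_TOKEN = "set-password"       # placeholder left in the URL after the redirect
SESSION_KEY = "_password_reset_token"  # session key that holds the real token
TIMEOUT = 3600                         # assumed link lifetime in seconds


def make_token(uid, issued_at):
    """Toy stand-in for a reset token generator: '<timestamp>-<hmac>'."""
    mac = hmac.new(SECRET, f"{uid}:{issued_at}".encode(), hashlib.sha256)
    return f"{issued_at}-{mac.hexdigest()[:32]}"


def check_token(uid, token, now):
    """True only for an untampered token that is not older than TIMEOUT."""
    try:
        issued_at = int((token or "").split("-", 1)[0])
    except ValueError:
        return False  # missing token, or a placeholder such as 'set-password'
    fresh = 0 <= now - issued_at <= TIMEOUT
    expected = make_token(uid, issued_at).encode()
    return fresh and hmac.compare_digest(expected, token.encode())


def naive_dispatch(session, uid, token, now):
    """Checks the URL kwarg directly, so the redirected request always fails."""
    return "form" if check_token(uid, token, now) else "invalid-link"


def two_step_dispatch(session, uid, token, now):
    """Simplified model of the built-in view's two-request flow."""
    if token == RESET_URL_TOKEN:
        # Second request: the URL carries only the placeholder, so the real
        # token has to be read back from the session.
        if check_token(uid, session.get(SESSION_KEY), now):
            return "form"
    elif check_token(uid, token, now):
        # First request: keep the token server-side and redirect to a URL
        # without it, which keeps it out of the Referer header.
        session[SESSION_KEY] = token
        return "redirect:" + RESET_URL_TOKEN
    return "invalid-link"
```

An overridden dispatch that calls the parent implementation first and then inspects the outcome keeps this session handling intact, and expired or tampered links still end up on the invalid-link branch.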
Next I decided to check out and solve the Blog Details footer issue, mainly caused by not skipping over inactive posts in the Blog App:
--redacted--
This time I explicitly created a branch associated with the issue in the UI so that I could just associate all of the changes with that specific issue.