Merge branch 'sarknohun-patch-2'

chapter_19_spiking_custom_auth.asciidoc

@@ -18,6 +18,9 @@ and our users are starting to come back to us with feedback.
 Manually remembering URLs is hard.
 It'd be great if it could remember what lists we'd started".
 
+// Sara: Note to Harry for practice
+// Sara: Note 2
+
 Remember Henry Ford and faster horses. Whenever you hear a user requirement,
 it's important to dig a little deeper
 and think--what is the real requirement here?
@@ -88,7 +91,7 @@ but this is just a fun toy project so let's give it a go.
 
 ((("django-allauth")))
 ((("python-social-auth")))
-The first thing I did was take a look at existing Python and Django authentication
+To get this Magic Links project set up, the first thing I did was take a look at existing Python and Django authentication
 packages, like https://docs.allauth.org/en/latest/[django-allauth]
 and https://github.com/omab/python-social-auth[python-social-auth],
 but both of them looked overcomplicated for this stage
@@ -101,8 +104,8 @@ and then we'll go through and "de-spike" the implementation--that is,
 replace the prototype with tested, production-ready code.
 
 You should go ahead and add this code to your own site too,
-and then you can have a play with it,
-try logging in with your own email address,
+and then you can have a play with it. 
+Try logging in with your own email address,
 and convince yourself that it really does work.
 
 
@@ -319,6 +322,8 @@ EMAIL_USE_TLS = True
 ====
 
 ((("Gmail")))
+// SARA : Do you want this to appear as an actual tip box?
+
 TIP: If you want to use Gmail as well,
     you'll probably have to visit your Google account security settings page.
     If you're using two-factor auth, you'll want to set up an
@@ -359,7 +364,7 @@ on the staging server as well.
 
 ((("authentication", "storing tokens in databases")))
 ((("tokens")))
-How are we doing?
+How are we doing? Let's review where we're at in the process:
 
 [role="scratchpad"]
 *****
@@ -395,7 +400,7 @@ not optimising database storage.
 We've got enough things we need to learn as it is!
 
 
-We switch on our new accounts app in _settings.py_:
+Let's switch on our new accounts app in _settings.py_:
 
 [role="sourcecode"]
 .src/superlists/settings.py (ch18l008-1)
@@ -416,7 +421,7 @@ INSTALLED_APPS = [
 ====
 //TODO; renumber listings
 
-We can do a quick migrations dance to add the token model to the db:
+We can then do a quick migrations dance to add the token model to the db:
 
 [subs="specialcharacters,macros"]
 ----
@@ -434,7 +439,7 @@ Running migrations:
 
 
 And at this point, if you actually try the email form in your browser,
-you'll see we can actually send email! See <<spike-email-sent>> and <<
+you'll see we can actually send email! See <<spike-email-sent>> and <<spike-email-received>>
 
 [[spike-email-sent]]
 .Looks like we might have sent an email
@@ -450,7 +455,7 @@ image::images/login-link-in-email.png["Screenshot of my email client showing the
 ((("authentication", "custom authentication models")))
 Before the login will work end-to-end though,
 we need to sort out user authentication in Django.
-
+// SARA: not clear that you're striking through half a todo item. call it out in the text?
 [role="scratchpad"]
 *****
 * '[strikethrough line-through]#How to send emails#'
@@ -546,11 +551,11 @@ Running migrations:
 ==== Finishing the Custom Django Auth
 
 ((("authentication", "custom Django authentication", id="SDcustom18")))
-Almost there--our last step combines recognising the token
+We're almost there--our last step combines recognising the token
 and then actually logging the user in.
 Once we've done this,
 we'll be able to pretty much strike off all the items on our scratchpad:
-
+//SARA again it's not clear whether we're changing the scratchpad or not?  how does it correspond to what we're actually doing?  could make a little gag here.
 [role="scratchpad"]
 *****
 * _[strikethrough line-through]#How to send emails#_
@@ -812,7 +817,7 @@ class LoginTest(FunctionalTest):
 <1> Were you worried about how we were going to handle retrieving emails in our
     tests?  Thankfully we can cheat for now! When running tests, Django gives
     us access to any emails the server tries to send via the `mail.outbox`
-    attribute. We'll discuss checking "real" emails later.
+    attribute. We'll discuss checking "real" emails in chapter ___.
 
 // TODO: link to "later".
 
@@ -843,7 +848,7 @@ and reintroduce them one by one in a test-driven way.
 
 
 ==== Reverting Our Spiked Code
-
+//SARA: This section needs some sort of very brief intro before jumping into the code
 [subs="specialcharacters,quotes"]
 ----
 $ *git checkout main* # switch back to main branch
@@ -1339,7 +1344,8 @@ We could use the `random` module, but Python actually comes with another module
 specifically designed for generating unique IDs called "uuid"
 (for "universally unique id").
 
-We can use that like this:
+// SARA pls merge into previous paragraph
+We can use it like this:
 
 
 [role="sourcecode"]