fix(#261): safe session language access

[DogukanUrker]

🤖 AI-generated change (local LLM via Hermes Agent). Not human-reviewed. Draft — do not merge without author review.

What changed

Replaced all unsafe session["language"] reads with session.get("language", "en") across 12 files. This prevents a KeyError (and 500 Internal Server Error) when the session language key is missing due to corruption, migration, or edge cases.

Files touched

• app/routes/change_password.py
• app/routes/change_profile_picture.py
• app/routes/change_username.py
• app/routes/create_post.py
• app/routes/edit_post.py
• app/routes/login.py
• app/routes/password_reset.py
• app/routes/post.py
• app/routes/set_language.py
• app/routes/signup.py
• app/routes/verify_user.py
• app/utils/delete.py

Write sites left untouched

app/utils/before_request/browser_language.py and app/routes/set_language.py contain session["language"] = ... assignments. These were intentionally left as bracket assignments since they are write operations, not reads.

Testing

• All changed files compile cleanly (py_compile verified).
• Post-change grep confirms only write assignments (session["language"] =) remain in the codebase — zero unsafe reads left.
• Full Playwright e2e suite was NOT run locally (no browser available in this sandbox). The CI workflow e2e-tests.yaml will cover e2e validation on merge.

Closes #261

Summary by CodeRabbit

• Bug Fixes
  • Improved language handling across login, signup, profile, post, password reset, verification, and deletion flows.
  • Messages now fall back to English when a language preference is missing, preventing errors and keeping user feedback visible.
  • Applied the same safeguard to both success and error notifications in affected actions.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 7910e355-94b8-4513-a4f9-0f23e9f29c6f

📥 Commits

Reviewing files that changed from the base of the PR and between 06c9f98 and c717a27.

📒 Files selected for processing (12)

• app/routes/change_password.py
• app/routes/change_profile_picture.py
• app/routes/change_username.py
• app/routes/create_post.py
• app/routes/edit_post.py
• app/routes/login.py
• app/routes/password_reset.py
• app/routes/post.py
• app/routes/set_language.py
• app/routes/signup.py
• app/routes/verify_user.py
• app/utils/delete.py

---

📝 Walkthrough

Walkthrough

All flash_message calls across 11 route files and app/utils/delete.py replace direct session["language"] indexing with session.get("language", "en"), defaulting to English when the session language key is absent.

Changes

Session Language Safe Access

Layer / File(s)	Summary
Route flash_message language fallback app/routes/login.py, app/routes/change_password.py, app/routes/change_profile_picture.py, app/routes/change_username.py, app/routes/create_post.py, app/routes/edit_post.py, app/routes/password_reset.py, app/routes/post.py, app/routes/set_language.py, app/routes/signup.py, app/routes/verify_user.py	All flash_message language arguments changed from session["language"] to session.get("language", "en") across all error and success paths.
Delete utility flash_message language fallback app/utils/delete.py	delete_post, delete_user, and delete_comment flash message calls updated with the same safe session language lookup.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐇 A key that's missing once caused dread,
A 500 error, users fled.
Now .get with "en" saves the day,
No KeyError gets in the way.
Hop hop, the session's safe to say! 🌿

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title is concise and accurately summarizes the safe session language access fix.
Description check	✅ Passed	The description covers the issue link, main change, touched files, and testing, though it does not match the template headings exactly.
Linked Issues check	✅ Passed	The changes replace unsafe session["language"] reads with session.get(..., "en") across the affected routes and utility.
Out of Scope Changes check	✅ Passed	All reported edits stay focused on safer language reads and defaulting to English, with no unrelated code changes.
Docstring Coverage	✅ Passed	Docstring coverage is 92.86% which is sufficient. The required threshold is 80.00%.

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/261-safe-session-language-access

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}