Does postman allow building form like this? - postman

Say I have api that returns form data. Data is not important here but will postman allow the following:
<form action="{{result.FormAction}}">
<input type="text" name="name" value="{{result.Name}}">
</form>
So the api will return data to be put into the form?
I can't find any articles or maybe searching for wrong thing.
Would I need to do this by JavaScript from Postman?
Problem
There is an API that requires a form post. This API is 3rd party so in the UI (this all works). The part of the form is generated by the API and fields are added to the form before it is posted from the client side. Our API returns the form action along with the fields that are generated on the server side.
So for my example above I am wondering if this could be tested by Postman. It's not critical as it all works well on the client side but would be nice to be able to run a few tests using Postman.

Related

Calling Zapier trigger from Django Code

Is there any way I can call the "Zapier trigger" from my Django Code,
Basically, I am having a Django form where the user will enter several email-id and when the user clicks on send button then I want to send this form data to Zapier in order to do the next action like writing in google spreadsheet or sending email to everyone.
David here, from the Zapier Platform team. The easiest way to do this is to have the form submit against your server and use a library like requests to POST to Zapier. This way, you don't have to worry about CORS or revealing the hook url to your users.
Hope that makes sense. ​Let me know if you've got any other questions!
I am not sure from your question if this is related to how to make the call from Python (which #xavdid answered) or how to trigger a zap. If this is about triggering a Zap, here's the answer.
Setup a Zap by choosing the Webhooks by Zapier app as the trigger. Choose catch a raw hook, if you need more control. In the next step, you will receive a URL where you can POST your form-data.
Everytime you POST data the Zap will be triggered. You can use the data available from your request in the action step for Google Sheets or Emails.
Here are a few Zap Templates that you could start from.
Add info to Google Sheets from a Webhook POST
Send emails from a Webhook POST (Using Zapier's email app)
Send emails from a Webhook POST (using Gmail)

Resend SMS code with Django Two-factor Authentication

I'm using Django with django-two-factor-auth for my web application. I can now send SMS via Twilio and verify it, but I haven't figured out how to resend the SMS code when I need i.e. click on "Didn't received your code? Resend!".
I have read through django-two-factor-auth docs but couldn't find any info about implementing this.
Do I need to configure django-two-factor-auth somehow, or customize the lib (which is what I don't really prefer to do) ?
Could you please help me? Thank you for your time :)
Currently this is not possible with this package. However feel free to request this issue on the GitHub repository.
Another possibility is to implement this yourself. The token is sent when the wizard page named token is rendered. Your template would need to submit a POST to the login view, requesting the same page. The button should look similar to the request backup token, so (untested) something like this:
<button name="challenge_device" value="{{ device.persistent_id }}"
class="btn btn-default btn-block" type="submit">Resend token</button>

Joomla simple text area that send data via POST

I'm developing my Joomla! 2.5 Component.
It, with an username && password passed via admin area, could connect to a webserver that send info via XML.
I can show this component in any part of front-end without problem.
Now i need to insert, in frontend for end-user, a single text-area where users could insert a value (e.g., theyr card number [it's a loyalty component]) and this value must be passed to previous component.
ATM I don't need AJAX call, page could be refreshed.
So process it must textarea => insert data => press submit => show component with result (page refresh, no problem).
I need to develop a plugin? I need to "extend" component? Saw several topic on web but i didn't found any that show a (i think) simple case like my.
I need a hand from you, to be on correct way.
Thank you.
In your main controller file you can access the post & get values, so
Where you want to place the input: Just create a form that points to your component, with appropriate
<form action="index.php?option=com_yourcomp" method="get"
<input type="text" name="your_text_input"...
Add all extra fields that you need.
In the controller.php of the com_yourcomp you will be able to access the user data with
JRequest::getVar('your_text_input') or jInput as you prefer.
Note on method="get": you do so if you want your users to be able to bookmark the page or you plan a redirect in your component. The user inputs must be limited to a few thousand chars at most. Otherwise use post, it really depends on your needs.

Cross Site Request Forgery protection in Django - a better explanation?

I've just completed part 4 of the Django 1.4 tutorial and I'm sure they just chucked CSRF and generic views in to confuse the hell out of me.
Okay, so generic views I get now, but I don't understand what is happening with CSRF protection.
This is what I think is happening: the CSRF token is a hash/key generated by modules used in the app and a logged in user if logged in. The token is somehow sent with a POST method form to the receiving view which again generates the hash and compares it with the one sent with the form to make sure nobody has snooped in? Have I got this completely wrong?
Having used the rest of the Django manual during the tutorial this is by far the most confusing manual page I have read.
It's confusing because it addresses a subtle vulnerability with web browsers.
Let's say we have two sites: site.com and evil.com. Then the owner of evil.com can, if he knows the structure of the site.com website (which is easy if he can use it), set up a form targeting it.
<form action="http://target.com/my_account/_delete" method="POST">
<input type="submit" value="Click Here for candy"></input>
</form>
Anyone clicking it and logged into site.com will instantly trigger the action linked to (in this case, destroying their own account).
The idea of a csrf token is that the legitimate form looks like this:
<form action="http://target.com/my_account/_delete" method="POST">
<input type="hidden" name="csrf_token" value="AEyaF8af8AIHJFA0L"></input>
<input type="submit" value="Don't click this unless absolutely sure!"></input>
</form>
and because this value is user specific, and only known by and shown on the website, the users are now safe, and can't delete their account without going through the proper page first, as any page from the attacker would not know this value.
Hopefully this is clearer.

Process a query without changing the page

We have a page which is dynamically generated after a few queries in the database. There are some links that when they are clicked by the user, update some information on the database but they change nothing on the webpage (or the display a discrete message).
How could we stay on the same page without re-rendering it?
Ideally, the corresponding view.py would process the queries and update the database but not the webpage.
You can send and receive your own XMLHttpRequest, but it is too much of works to do and IE will create a lot of problems.
Have you ever heard about jQuery? I strongly recommend you take a look at it and learn how to send and receive Ajax request using it.
You need to make an AJAX call back to the server with the user's actions, and process it on the server. You probably want a different view to process the AJAX request -- you could do it with the same view, but it would be somewhat silly to. The response from that view contains data (probably as JSON) or HTML, which you display on the page with javascript. Check out jquery -- it's great for the client side.
You could accomplish this with plain Javascript and AJAX. When the user clicks on a link, use XMLHttpRequest to call view.py to process the queries.
eg. For the link: <a href="#" onclick=submitdb(); >Click me!</a>
For a tutorial on implementing AJAX (XMLHttpRequest) with Javascript, have a look here:
http://www.quirksmode.org/js/xmlhttp.html