Where can I store the refresh and access token in django - django

I'm using django and trying to integrate it with quickbooks online through python-quickbooks package and already did so and it works fine, but the problem is I don't want to store the tokens in the request session because I'm trying to access them outside the views, to be exact I'm trying to send an invoice each time an invoice(invoice model from django) object was made I want to send one to quickbooks and I'm doing this through django signals but I can't access the session from the signals so where is the best place to store them on the server side?
thanks in advance.

You can create new Django model just for your integration and query it when you need to get tokens. Especially it can be useful if you plan to have multiple integrations, you can add relation from object (which is related to signal) to "integration object".

Related

How to implement a manual security procedure with Django

I'm writing a web application with Django framework. This web application is API based and I'm using Django rest_framework. I have a security issue: On the first page, the user must solve a Recaptcha. After solving the Recaptcha my site gives a session ID to the user and after this, the user must post this session ID in the body of all his/her API calls and every API can be called just once with a specific session ID. In other words, I have a state machine for the APIs being called by the user and in each state, the user can call the APIs which have corresponding outgoing edges from that state.
The purpose of all of the above procedures is preventing the user from crawling my website. (User can't call an API many times with a session ID and he/she should act as a normal user and call every API at most two or three times)
Now my question is that how should I handle this in my Django app? Before this, I just used the ordinary Django session middleware for handling sessions. Now should I handle the authentication process and passing and getting session ID completely in a manual way or is there a way in which I can use that middleware that it can be able to handle my procedure.
You can do this with simply with saving your user's state and in each step update your user's state and consider the next states which user can see.
Use custom permission classes for your APIViews to block such request.
Read more here https://www.django-rest-framework.org/api-guide/permissions/#custom-permissions

How should I structure requests with side effects when using Django Rest Framework?

I'm using Django Rest Framework and it's integrated with an external service. I'm using an endpoint to receive a callback from a webhook whenever a new task is created in the external service.
When the callback request comes in, my code needs to create at least one object. But it's possible that multiple objects will need to be created from multiple different models. For example, if a new task is created it's possible that it was created by a new user, in which I also need to create a new user object to reflect this.
In total, there could be up to 5 additional objects made as side effects. I'm aware of multiple different places that this logic could be added (e.g. service layers, serializers, models, managers, views). But there seem to be issues with all of these.
Has anyone dealt with this issue before? If so, how did you solve it?
First of all, it is important to understand the difference between an RPC-style API and a RESTful API. Simply put, you can imagine an RPC API to be "methods" that are "actions", while a RESTful API represents the state of your models.
For example, let's say we want to create an endpoint to handle user registration.
A RPC style endpoint might be /api/register. A register function that might do X number of things.
A REST style endpoint might be /api/users. Not an action, but simply just an endpoint that give us the state of the users that exist. A GET request would list the users and a POST request would create a new user.
With that said, it might be a bit more clear that in general, creating endpoints that do X number of actions might not be very "restful", and using a framework specifically named "Django REST Framework" might not be the right choice.
So in your particular case. I suggest that you avoid creating endpoints that work as methods, and instead treat them as the resources that they represent. This means that if you need to create a new user, you do a request to the user-endpoint, then if you need to create a new article with that user, you do a second request to the article-endpoint.
Using Signals for Side Effects
I think if you do want side effects, they should be managed using signals. For example, let's say that you want to send out emails using a contact form. Instead of having a /api/send_email endpoint, you instead do a /api/messages/ endpoint that represent a Message model, and then you use signals to send out emails whenever a new message is created.
By doing things this way, it still means that the API endpoint itself just represent the state of the model, while the side effect of modifying the state (sending a message on creation of a new message) is moved to the signal's responsibility.

Django and angular6 with multitenancy

I am a newbie to Multi-Tenant architecture, developing SaaS product using django-tenant-schema
my requirement was something like clients would register for product. For every registered client, I was creating new schema by following single database and isolated schemas approach. Whenever client requested from a browser I was able to identify them by using subdomain and giving privilege to acces their specfic schema. While I was starting coding lot of questions were popup in my head. I am really sorry for asking here but stackoverflow is only my last hope. Database was like below
Database
Public_Schema
auth_user
Clients_List_Table
ClientA_Schema
auth_user
ClientA_User_List
ClientB_Schema
auth_user
ClientB_User_List
Q1.What kind of admin actions we can perform on every client?
I have rest api for example http://client.example.com/api/user_list/ here client maybe ClientA or ClientB
Q2. How can we implement api routing which gets client name dynamically when user requested at browser which let us to use corresponding schema to display current client's user_list.

Survey App Django-Survey Monkey

I am creating a django application for my company, and one of the things that still needs doing is a survey.
At the moment we use SurveyMonkey, but I can't manage to send via api invitations to the surveys(personalized ones like the web page allows, so we know who answered with which answers).
Does anybody know if it's possible to do this with SurveyMonekey api, or if not, any other django app that what I need, or another way to do this?
SurveyMonkey's API is currently read-only and does not allow adding users to email collectors. And option you might consider is pairing SurveyMonkey with MailChimp. MailChimp currently has docs on how to use it with SurveyMonkey here: http://kb.mailchimp.com/article/setting-up-your-surveymonkey-mailchimp-integration/
You could also create something like the MailChimp API in your own application by adding a unique ID to links you send to your respondents by appending ?c=UNIQUEID to the end of a web link collector URI. Then, in your application, you can send any email invitation you like to potential respondents and use the unique ID to correlate users with responses.
You'll need to request the "custom_id" by adding it to the "fields" array in your request to get_respondent_list in order to that unique ID back from SurveyMonkey using the API.

Using Django with the Facebook API for a polling app

I randomly pick two friends of the user and ask him/her to pick who is the better friend. Now all I have is the friend ID which I then have to use to create a poll and store in the database accordingly. Using the Facebook graph API, I have the ID. All I need to do now is to pass it to Django.
I'm new to this so how exactly would I do that? Pass a javascript variable to Django?
I see two options.
At client side using Javascript SDK,
Fetch the friends' profile details along with ID.
Convert them to JSON.
Do a POST request to a django url/view which stores the data in database.
In this way, you don't need to do any graph API queries further from server side. But this won't help you updating the data at realtime. Consider, if one of the friends changing his name in FB, now what is stored in your database becomes obsolete. So, you need to make sure that some thing from client side implemented to do real time update posts to server side.
At server side using any django facebook graph API apps,
Get the IDs from client side.
Use the fb graph app to fetch the details at server side.
Store them in database.
In this way, you could be able to schedule a callback for real time updates. I prefer the second approach as it's always better to burden the server rather than client. And I found this app simple and do what you need. https://pypi.python.org/pypi/django-facebook-api/0.1.10