Django - can not access session - django

Using Django REST Framework in development, I have the following (previously working) code example, where in one view I set session data, and in another view I use that data.
And like I said, this code used to work, but now for some reason the stored session data can not be accessed anymore.
View for setting session data
#api_view(["POST"])
#permission_classes((AllowAny, ))
def set_session_data(request):
session_data_dict = loads(request.body.decode('utf-8'))
if not isinstance(session_data_dict, dict):
return Response({"message": "Expected a JSON object with key-val pairs to be sent. Key-val pairs to be set to session. Received something else.", status: status.HTTP_400_BAD_REQUEST})
try:
for key, value in session_data_dict.items():
request.session[key] = value
response_data = {"status": rest_status.HTTP_200_OK}
except:
response_data = {"status": rest_status.HTTP_500_INTERNAL_SERVER_ERROR}
return Response(response_data)
View that accesses stored session data:
#api_view(["GET"])
#permission_classes((AllowAny, ))
def check_user_logged_in(request):
try:
data = {"login_token": request.session["login_token"]}
except KeyError:
data = {"login_token": ""}
return Response(data, status=rest_status.HTTP_200_OK)
I have tested a little, and I can access the data in the session in the set_session_data view, after it has been added, like so:
request.session['login_token']
But when I try the same in the check_user_logged_in view, I get a KeyError.
So I tried checking if the sessions for both views are the same session, by checking the value of request.COOKIES[settings.SESSION_COOKIE_NAME] in each view. But in both views that results in the following error:
KeyError: 'sessionid'
Now, I have not touched the session settings, so they are the default settings from django-admin startproject. ('django.contrib.sessions' in INSTALLED_APPS, 'django.contrib.sessions.middleware.SessionMiddleware' in MIDDLEWARE, and nothing added.)
Can anyone explain why this is happening?

Related

Django Session Variables Don't Work In Stripe Webhook?

I am trying to use data saved in django session variables to run a function once the webhook has confirmed that 'checkout.session.completed' but I always get a key error. I am 100% sure the keys exist in the session variables.
Here is my webhook:
#csrf_exempt
def stripe_webhook(request):
# You can find your endpoint's secret in your webhook settings
endpoint_secret = 'secret'
payload = request.body
sig_header = request.META['HTTP_STRIPE_SIGNATURE']
event = None
try:
event = stripe.Webhook.construct_event(
payload, sig_header, endpoint_secret
)
except ValueError as e:
# Invalid payload
return HttpResponse(status=400)
except stripe.error.SignatureVerificationError as e:
# Invalid signature
return HttpResponse(status=400)
# Handle the checkout.session.completed event
if event['type'] == 'checkout.session.completed':
session = event['data']['object']
fulfull_order(session)
return HttpResponse(status=200)
Here is my fulfill order function:
def fulfull_order(session):
generator = PlanMaker(goal=request.session['goal'], gender=request.session['gender'])
/// send email code.
This line generator = PlanMaker(goal=request.session['goal'], gender=request.session['gender'])
Always gives a key error on request.session['goal'] The key definitely exists, it just seems it is inaccessible from the webhook view.
How to solve?
You should save the information you want to the metadata field when creating the checkout.Session.
def checkout(request):
session = stripe.checkout.Session.create(
payment_method_types=['card'],
line_items=[{
'price': 'price_key',
'quantity': 1,
}],
mode='payment',
success_url=request.build_absolute_uri(reverse('success_url')) + '?session_id={CHECKOUT_SESSION_ID}',
cancel_url=request.build_absolute_uri(reverse('cancel_url')),
metadata={'someKeyHere': 'your session variable data'}
)
return JsonResponse({
'session_id' : session.id,
'stripe_public_key' : settings.STRIPE_PUBLISHABLE_KEY
})
then you can access the information like session['metadata']['someKeyHere']
The webhook event is a separate request coming directly from Stripe that would not be related to any Django session and so this lack of session data would seem expected. As #Anthony suggests you can store this information in the Checkout Session metadata when you create the session. The metadata will be included in the webhook object.

Working of #cache_page() decorator in django-redis-cache

I am using(trying) redis as a cache to my django app. This is how I am trying to do it.
def postview(request):
post_list = []
if cache.get("posts") == None:
post_list = Post.objects.all()
cache.set("posts", post_list, timeout=None)
else :
post_list = cache.get("posts")
context = {"post_list" : post_list}
return render(request, 'post_list.html', context)
#cache_page(60*15, key_prefix="test_cache")
def new(request):
print("testing")
return HttpResponse("hello, I am mohammed")
This is the output in redis-cli
luvpreet#DHARI-Inspiron-3542:~/test_venv_wrapper/test_redis$ redis-cli
127.0.0.1:6379> select 2 # I have redis db 2 as backend in django settings
OK
127.0.0.1:6379[2]> keys *
1) ":1:views.decorators.cache.cache_page.cache_test.GET.26488770af116d67b33750e5f304aa3e.d41d8cd98f00b204e9800998ecf8427e.en-us.UTC"
2) ":1:views.decorators.cache.cache_header..d314df08d6409ed165873dfa23271c50.en-us.UTC"
3) ":1:posts"
4) ":1:views.decorators.cache.cache_page..GET.d314df08d6409ed165873dfa23271c50.d41d8cd98f00b204e9800998ecf8427e.en-us.UTC"
5) ":1:views.decorators.cache.cache_header..26488770af116d67b33750e5f304aa3e.en-us.UTC"
6) ":1:views.decorators.cache.cache_page..GET.26488770af116d67b33750e5f304aa3e.d41d8cd98f00b204e9800998ecf8427e.en-us.UTC"
7) ":1:views.decorators.cache.cache_header.cache_test.26488770af116d67b33750e5f304aa3e.en-us.UTC"
This is the value under one of the keys,
127.0.0.1> get :1:views.decorators.cache.cache_page.cache_test.GET.26488770af116d67b33750e5f304aa3e.d41d8cd98f00b204e9800998ecf8427e.en-us.UTC
"\x80\x02cdjango.http.response\nHttpResponse\nq\x01)\x81q\x02}q\x03(U\x0e_handler_classq\x04NU\b_headersq\x05}q\x06(U\rlast-modifiedU\rLast-ModifiedU\x1dWed, 05 Apr 2017 10:56:58 GMT\x86U\aexpiresU\aExpiresU\x1dWed, 05 Apr 2017 15:06:58 GMT\x86U\x0ccontent-typeU\x0cContent-TypeU\x18text/html; charset=utf-8\x86U\rcache-controlU\rCache-ControlU\rmax-age=15000\x86uU\b_charsetq\aNU\x11_closable_objectsq\b]U\acookiesq\tcdjango.http.cookie\nSimpleCookie\nq\n)\x81q\x0b}q\x0cbU\x06closedq\r\x89U\n_containerq\x0e]q\x0fU\x14Hello, I am Mohammedq\x10aU\x0e_reason_phraseq\x11Nub."
This is some serialized value.
The queryset Post.objects.all() is cached and I have no problem in getting this from cache. But I am failing to understand this #cache_page() decorator.
Why is it making so many keys in the redis database ? Please explain the keys made in the redis database.
How can I get to know this is working or not ?
cache_page decorator is a django decorator, not a django-redis decorator. So, if you were using a default cache like memcached in django, the cache_page decorator would have been making the same keys in memcached.
Here is the decorator base code along the doc string :
https://github.com/django/django/blob/711123e1cdaf3b08c876c045d8d38decdc7a63d3/django/views/decorators/cache.py#L8
"""
Decorator for views that tries getting the page from the cache and
populates the cache if the page isn't in the cache yet.
The cache is keyed by the URL and some data from the headers.
Additionally there is the key prefix that is used to distinguish different
cache areas in a multi-site setup. You could use the
get_current_site().domain, for example, as that is unique across a Django
project.
Additionally, all headers from the response's Vary header will be taken
into account on caching -- just like the middleware does.
"""
So, inherently it is creating multiple keys, one for headers and other for the HTTPResponse content. It creates the keys based on header and content, so that any change in header invalidates the cache ( for example in case of vary headers ), i.e. even with same parameters in the url, but different content in request-headers you will have seperate caches. Examples of different request-headers can be sending login info about same page for different logged in users, or serving different content for same url based on mobile/desktop user agent information present in headers.
Here is the cache key code in django :
def _generate_cache_key(request, method, headerlist, key_prefix):
"""Return a cache key from the headers given in the header list."""
ctx = hashlib.md5()
for header in headerlist:
value = request.META.get(header)
if value is not None:
ctx.update(force_bytes(value))
url = hashlib.md5(force_bytes(iri_to_uri(request.build_absolute_uri())))
cache_key = 'views.decorators.cache.cache_page.%s.%s.%s.%s' % (
key_prefix, method, url.hexdigest(), ctx.hexdigest())
return _i18n_cache_key_suffix(request, cache_key)
def _generate_cache_header_key(key_prefix, request):
"""Return a cache key for the header cache."""
url = hashlib.md5(force_bytes(iri_to_uri(request.build_absolute_uri())))
cache_key = 'views.decorators.cache.cache_header.%s.%s' % (
key_prefix, url.hexdigest())
return _i18n_cache_key_suffix(request, cache_key)
def get_cache_key(request, key_prefix=None, method='GET', cache=None):
"""
Return a cache key based on the request URL and query. It can be used
in the request phase because it pulls the list of headers to take into
account from the global URL registry and uses those to build a cache key
to check against.
If there isn't a headerlist stored, return None, indicating that the page
needs to be rebuilt.
"""
if key_prefix is None:
key_prefix = settings.CACHE_MIDDLEWARE_KEY_PREFIX
cache_key = _generate_cache_header_key(key_prefix, request)
if cache is None:
cache = caches[settings.CACHE_MIDDLEWARE_ALIAS]
headerlist = cache.get(cache_key)
if headerlist is not None:
return _generate_cache_key(request, method, headerlist, key_prefix)
else:
return None

Django Cookie is not set properly

I am trying to set a cookie in a Django view. Something like this:
def my_view(request):
response = HttpResponse('Setting a cookie')
if 'my_cookie' in request.COOKIES:
return HttpResponse('Cookie found.')
else:
response.set_cookie('my_cookie', 'value')
return HttpResponse('Cookie set.')
In my mind, how it should work is this: on the first load, the cookie is not found, so its set and 'Cookie set.' is returned. If I reload the page, the cookie should be found, since it has been set already, so 'Cookie found.' is returned.
However, every time I reload, I get 'Cookie set.' for some reason. Any help? Thanks.
EDIT
I edited my code according the first comment:
def my_view(request):
response = HttpResponse('Setting a cookie')
if 'my_cookie' in request.COOKIES:
print 'Cookie found.'
response = HttpResponse(request.COOKIES['my_cookie'])
return response
else:
print 'Cookie set.'
response.set_cookie('my_cookie', 'value')
response = HttpResponse('value')
return response
I am returning the object that is being used to set the cookie. I am only trying to get the value. However, in my console, I always get 'Cookie set.', why is that?

django save data to session without increasing its expiry

Basically I want to do something like:
request.session['last_date'] = datetime.datetime.now()
without django modify (increase) session expire_date (i.e, it should stay as it is)
I have SESSION_SAVE_EVERY_REQUEST = True
The session expiry should remain unchanged when last_date is modified as above. However for all other changes expiry should change. I do not want to set it as a global policy for the session.
When you want to change the default behavior of the session engine, the usual practice is to write a custom session backend. Fortunately, it isn't very difficult. We will make ours by subclassing django.contrib.session.backends.db.SessionStore
from django.contrib.session.backends.db import SessionStore as DbStore
class SessionStore(DbStore):
def load(self):
try:
self.current_session = self.model.objects.get(
session_key=self.session_key,
expire_date__gt=timezone.now()
)
return self.decode(s.session_data)
except (self.model.DoesNotExist, SuspiciousOperation) as e:
if isinstance(e, SuspiciousOperation):
logger = logging.getLogger('django.security.%s' % e.__class__.__name__)
logger.warning(force_text(e))
self._session_key = None
return {}
def create_model_instance(self, data):
"""
Return a new instance of the session model object, which represents the
current session state. Intended to be used for saving the session data
to the database.
"""
try:
expiry = self.current_session.expire_date
except AttributeError:
expiry = None
return self.model(
session_key=self._get_or_create_session_key(),
session_data=self.encode(data),
expire_date=self.get_expiry_date(expiry=expiry),
)
Most of the code is from django.contrib with few slight modificiations. Now all you have to do is to tell django to use our new session store by modifying the settings.py
SESSION_ENGINE = 'myapp.session'
Assuming that you put the above code in a file named session.py
Response to edit in question:
This code shows how to modify the session with out changing it's expiry time. Now you mention you want this behavour only if the last_date item is changed, make a modification as follows;
expiry = None
try:
if current_session.get('last_date') != date.get('last_date') :
expiry = self.current_session.expire_date
except AttributeError:
pass

django-activity-stream actions not displaying

I've just set django-activity-stream up but can't get it to display my actions when I goto the built in template mysite.com/activity/. Yet if I check the admin site I can see the actions have been saved as expected. I am using django-allauth for authentication/authorization
myapp/Settings.py
ACTSTREAM_SETTINGS = {
'MODELS': ('auth.user', 'auth.group'),
'MANAGER': 'actstream.managers.ActionManager',
'FETCH_RELATIONS': True,
'USE_PREFETCH': True,
'USE_JSONFIELD': True,
'GFK_FETCH_DEPTH': 0,
}
myapp/receivers.py
from actstream import action
#receiver(user_logged_in)
def handle_user_logged_in(sender, **kwargs):
request = kwargs.get("request")
user = kwargs['user']
action.send(user, verb='logged in')
In the django-activity-stream views.py it seems models.user_stream(request.user) is returning empty. But I have no idea why.
actstream/views.py
#login_required
def stream(request):
"""
Index page for authenticated user's activity stream. (Eg: Your feed at
github.com)
"""
return render_to_response(('actstream/actor.html', 'activity/actor.html'), {
'ctype': ContentType.objects.get_for_model(User),
'actor': request.user, 'action_list': models.user_stream(request.user)
}, context_instance=RequestContext(request))
Debugging from models.userstream(request.user) it seems I've found where it's returning no results:
actstream/managers.py
#stream
def user(self, object, **kwargs):
"""
Stream of most recent actions by objects that the passed User object is
following.
"""
q = Q()
qs = self.filter(public=True)
actors_by_content_type = defaultdict(lambda: [])
others_by_content_type = defaultdict(lambda: [])
follow_gfks = get_model('actstream', 'follow').objects.filter(
user=object).values_list('content_type_id',
'object_id', 'actor_only')
if not follow_gfks:
return qs.none()
When I check the value at q = self.filter I can actually see all the correct "logged in" activities for the user I passed, however when it gets to follow_gfks = get_model because the user in question isn't following anyone else follow_gfks ends up being None and the query set qs gets deleted on the last line.
Why this works this way when im just trying to view my own users activity feed I have no idea.
Here's what a row from my actstream_action table looks like:
id 1
actor_content_type_id [fk]3
actor_object_id 2
verb logged in
description NULL
target_content_type_id NULL
target_object_id NULL
action_object_content_type_id NULL
action_object_object_id NULL
timestamp 2013-09-28 12:58:41.499694+00
public TRUE
data NULL
I've managed to get the action/activity list of the current logged in user by passing user to actor_stream() instead of user_stream(). But I have no idea why user_stream doesn't work as intended
If it's your user that you want to show the actions for, you need to pass with_user_activity=True to user_stream; if it's for another user, you need to follow them first.