Did not receive # and % symbols via Django GET URL - django

I was sending the get request like this:
http:121.0.0.1:8000/userlogin/userName=test&password=12345#%
but accepted like this:
"GET /userlogin?username=admin&password=12345 HTTP/1.1" 403 2868
The # and % symbols were not received.
I cannot understand what happened here?

URL parameters have certain allowed characters in them, as explained in this question: https://stackoverflow.com/a/1455639/1726625
I suggest editing your password settings, and allowing/disallowing those characters and/or changing the method that you're using to not pass them as a URL parameter.
Could you elaborate on the case that you need that for?
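What happens to the two characters can be reproduced with Python's standard urllib.parse. This is an added example, not part of the original question or answer; the base URL, the sample values and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs, urlencode

def as_seen_by_server(url):
    """Return (request_target, params) the way an HTTP server receives them.

    Everything from the first '#' is the fragment; the client keeps it and
    never puts it on the request line.
    """
    parts = urlsplit(url)
    target = parts.path + ("?" + parts.query if parts.query else "")
    params = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    return target, params

def build_login_url(base, **params):
    """Percent-encode every value so reserved characters survive the trip."""
    return base + "?" + urlencode(params)

# Constructed sample values (not from a real system).
BASE = "http://127.0.0.1:8000/userlogin"
RAW = BASE + "?username=test&password=12345#%"         # typed as-is
RAW_PERCENT = BASE + "?username=test&password=12%345"  # bare '%' inside the value
ENCODED = build_login_url(BASE, username="test", password="12345#%")

if __name__ == "__main__":
    print(as_seen_by_server(RAW))          # '#%' is gone: it was the fragment
    print(as_seen_by_server(RAW_PERCENT))  # '%34' is decoded as the character '4'
    print(ENCODED)                         # '#' -> %23, '%' -> %25
    print(as_seen_by_server(ENCODED))      # value arrives intact
```

The dev-server line quoted in the question also shows the other reason behind the answer's second suggestion: the query string, password included, is written to the access log.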

Related

Django url cannot find some UTF-8 usernames

I am experimenting with UTF-8 for usernames in a django app.
Django is Version 3.2.11
Python used is 3.9.4
Some users might have a profile visible to others and their username in the url:
re_path(r"^u/(?P<username>\w+)/$", views.author_profile_view, name="author_profile_view"),
Normal Example works fine:
Browser shows -> /u/brainyChowder3/
Django shows -> GET /u/brainyChowder3/ HTTP/1.1" 200 10593
UTF-8 example 1 works also fine:
Browser shows -> /u/ɊȁⱲÒđΈⱦİĬd/
Django shows -> GET /u/%C9%8A%C8%81%E2%B1%B2%C3%92%C4%91%CE%88%E2%B1%A6%C4%B0%C4%ACd/ HTTP/1.1" 200 12508
But this UTF-8 does not work:
Browser shows -> /u/ɂáⱳ1⁄4%7Cĭğę
Django shows -> "GET /u/%C9%82%C3%A1%E2%B1%B31%E2%81%844%7C%C4%AD%C4%9F%C4%99 HTTP/1.1" 404 5585
The browser does show it strangely, as it does not "translate" %7C to |, but that should be just optical?
Error shown is just
Page not found (404)
Request Method: GET
Request URL: http://127.0.0.1:8000/u/%C9%82%C3%A1%E2%B1%B31%E2%81%844%7C%C4%AD%C4%9F%C4%99
The current path, u/ɂáⱳ1⁄4|ĭğę, didn’t match any of these.
In Django shell I can query this user:
>>> User.objects.get(username='ɂáⱳ1⁄4|ĭğę')
<User: ɂáⱳ1⁄4|ĭğę>
The URI decoding looks ok to me.
I hope someone can explain why this is happening to one UTF-8 string, but not the other. Or maybe even knows how to fix it? :-D
I know it may not be the smartest thing to allow all UTF-8 for usernames, but this is more an experiment for me.
Thanks

The reason this happens has nothing to do with UTF-8, but with the fact that the username contains a non-word character (a character not matched by \w): a character that is not allowed for the <str:…> path converter. You can work with a <path:…>:
path('u/<path:username>/', some_view, name='some_name')
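To see which characters stop the re_path pattern from matching, the two percent-encoded usernames from the question can be decoded and tested with Python's re module. This is an added example, not code from the question or the answer; the function names are hypothetical, the trailing slash is appended as an assumption because both patterns require it, and `.+` is the regex Django's `path` converter uses.

```python
import re
import unicodedata
from urllib.parse import unquote

# Pattern from the question, and the regex equivalent of 'u/<path:username>/'.
WORD_PATTERN = re.compile(r"^u/(?P<username>\w+)/$")
PATH_PATTERN = re.compile(r"^u/(?P<username>.+)/$")

# Percent-encoded usernames copied from the two request lines in the question.
WORKING = "%C9%8A%C8%81%E2%B1%B2%C3%92%C4%91%CE%88%E2%B1%A6%C4%B0%C4%ACd"
FAILING = "%C9%82%C3%A1%E2%B1%B31%E2%81%844%7C%C4%AD%C4%9F%C4%99"

def non_word_chars(encoded_username):
    """List (char, Unicode name) for every character that \\w rejects."""
    name = unquote(encoded_username)  # UTF-8 percent-decoding
    return [(c, unicodedata.name(c, "?")) for c in name
            if not re.fullmatch(r"\w", c)]

def captured_username(pattern, encoded_username):
    """Return the username the pattern captures, or None when it does not match."""
    # Django resolves the decoded path without its leading slash.
    path = "u/" + unquote(encoded_username) + "/"
    m = pattern.match(path)
    return m.group("username") if m else None

if __name__ == "__main__":
    for enc in (WORKING, FAILING):
        print(unquote(enc), non_word_chars(enc),
              captured_username(WORD_PATTERN, enc) is not None,
              captured_username(PATH_PATTERN, enc) is not None)
    # Caveat: ".+" also accepts "/", so extra path segments land in the username.
    print(captured_username(PATH_PATTERN, "alice/settings"))
```

Because `.+` also matches `/`, a view behind the wider pattern should treat the captured value purely as a lookup key and return 404 when no such user exists.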

Prevent URL encoding that is removing equals signs from URL

Working on a Django/React app. I have some verification emails links that look like the following:
https://test.example.com/auth/security_questions/f=ru&i=101083&k=7014c315f3056243534741610545c8067d64d747a981de22fe75b78a03d16c92
In dev env this works fine, but now that I am getting it ready for production, it isn't working. When I click on it, it converts it to:
https://test.example.com/auth/security_questions/f%3Dru&i%3D101083&k%3D7014c315f3056243534741610545c8067d64d747a981de22fe75b78a03d16c92/
This prevents react-router-dom from matching the correct URL, so a portion of the web application does not load properly.
The link is constructed using the following.
link = '%s/auth/security_questions/f=%s&i=%s&k=%s' % \
('https://test.example.com', 'ru', user.id, user.key)
Also, here is the url() that is catching the route:
url(r'^(?:.*)/$', TemplateView.as_view(template_name='index.html')),

These variables are supposed to be query parameters in a GET request. When you construct the link, you'll need to have a question mark in there somewhere separating the URL from the query string:
https://test.example.com/auth/security_questions/?f=ru&i=101083&k=7014c315...
                                                 ^
                                                 |___ here
The conversion of = to url-encoded %3D etc is correct, and equivalent. Sometimes variables are part of the URL directly, but webapps don't use &-separated key/value pairs in that case.

Django - Redirect to another domain from View

I'm trying to redirect from mydomain.com to google.com.
There are a couple of answers on stackoverflow that assume the following is working:
return HttpResponseRedirect('google.com')
or
return redirect('google.com')
But it doesn't. This just redirects the page to itself and appends the google.com part so it comes out like this:
www.mydomain.com/google.com
Which throws a 404, of course.
My view now looks like the following:
class MyView(TemplateView):
    def get(self, request, *args, **kwargs):
        return HttpResponseRedirect('google.com')
Can anyone give me insights in what I'm doing wrong?

The answers are in some sense correct: you do a redirect. But now the web browser needs to perform the redirect.
Usually paths that are not prepended with two consecutive slashes are assumed to be local: so that means it stays at the same domain.
In case you want to go to another domain, you need to add a protocol, or at least two consecutive slashes (such that the old protocol is reused):
return HttpResponseRedirect('https://google.com') # use https
or:
return HttpResponseRedirect('//google.com') # "protocol relative" URL
After all you only return a redirect answer to the browser. The browser can decide not to follow the redirect (some browsers do), or can interpret it in any way they like (although that means that the browser does not really do what we can expect it to do). We cannot force a browser to follow the redirect.
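How a browser resolves each kind of Location value can be reproduced with urllib.parse.urljoin, which applies the same relative-reference rules. This is an added example, not code from the answer; the current-page URL and the function names are assumptions.

```python
from urllib.parse import urljoin, urlsplit

# Assumed URL of the page that issued the redirect (constructed).
CURRENT = "http://www.mydomain.com/"

def resolve_location(location, current=CURRENT):
    """Resolve a Location header value against the current page URL."""
    return urljoin(current, location)

def leaves_site(location, current=CURRENT):
    """True when following the redirect ends on a different host."""
    target_host = urlsplit(resolve_location(location, current)).hostname
    return target_host != urlsplit(current).hostname

def classify(location):
    """Name the kind of reference, which is what decides the outcome."""
    parts = urlsplit(location)
    if parts.scheme:
        return "absolute URL"
    if parts.netloc:
        return "protocol-relative URL"
    if location.startswith("/"):
        return "absolute path on the same host"
    return "relative path on the same host"

if __name__ == "__main__":
    for loc in ("google.com", "/google.com", "//google.com", "https://google.com"):
        print(f"{loc!r:22} {classify(loc):32} -> {resolve_location(loc)}  "
              f"leaves site: {leaves_site(loc)}")
```

A check that treats every value starting with `/` as local misjudges `//google.com`, so code that validates redirect targets should compare the resolved host instead.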

Is django-lazysignup allow_lazy_user decorator calling the wrapped view twice?

I'm using "django-lazysignup 0.8" with Django 1.3.
When I do this:
The view
@allow_lazy_user
def page_edit(request):
    if request.method == 'GET':
        if is_lazy_user(request.user):
            b2 = Page.objects.create(user=request.user)
            print request.user.username
            return render_to_response('page_editor.html',{'page':b2})
The console output shows that the view seems to be called twice (b2 called twice and creates the Page object twice, and the print statement prints twice).
Here is the output screen :
Output:
7707089a583a424caf0face130cb20 # this is the result of print request.user.username
[12/Mar/2012 15:02:45] "GET /edit/ HTTP/1.1" 200 8368
7707089a583a424caf0face130cb20
[12/Mar/2012 15:02:46] "GET /edit/images/favicon.ico HTTP/1.1" 200 8368
I don't need this to happen, the view should be called once and create one Page object. Is there any solution?

I don't think this is related to Django-lazysignup.
If you look at the url for the second request:
/edit/images/favicon.ico
That looks to me like your browser trying to load the favicon for your website. That suggests you've used a relative path images/favicon.ico instead of an absolute path /images/favicon.ico.
It doesn't seem quite right that the favicon url has called the page_edit view. This suggests your url pattern is missing a $ to denote the end of string. You should change it to something like:
url('^edit/$', 'page_edit'),

Django: View-function fails on saving model

I'm currently playing around with some selfmade online Text-RPG and now have to deal with some quite strange problem which I hope someone here can solve.
I'd like to toggle a boolean field called 'rp_willing' in the model 'Character' when clicking on certain links. For that I have a view function called 'character_toggle_rp_willing'.
The field definition:
class Character(models.Model):
    ...
    rp_willing = models.BooleanField(default=False)
    ...
The view function:
@decorators.login_required
def character_toggle_rp_willing(request, id):
    character = get_object_or_404(Character, pk=id)
    character.rp_willing = not character.rp_willing
    character.save()
    return redirect(request.META.get('HTTP_REFERER','/accounts/overview'))
It queries the character in question from the database by its id. Then 'rp_willing' is toggled and the character is saved before the function redirects back to the previous page.
The problem now seems to lie in the call of 'character.save()'. I've placed some print-functions for debugging purposes and everything else seems to work as intended. Also, the whole function works absolutely correctly if called from a template of the same app. But if the template is from a different app, the save-function just isn't executed. There is no exception which could give any hints. I don't really know how to debug in this case. I couldn't find the code of the built-in save()-function either.
Is the save()-function somehow related to the passed request? Or is there something I have just overlooked?
EDIT:
What the Dev-Server says...
Works as intended:
[28/Aug/2011 17:06:53] "GET /accounts/overview HTTP/1.1" 200 2283
[28/Aug/2011 17:06:59] "GET /accounts/character/toggle_rp_willing/1/ HTTP/1.1" 302 0
[28/Aug/2011 17:06:59] "GET /accounts/overview HTTP/1.1" 200 2285
Fails on saving:
[28/Aug/2011 17:03:26] "GET /village/ HTTP/1.1" 200 1531
[28/Aug/2011 17:03:28] "GET /accounts/character/toggle_rp_willing/1/ HTTP/1.1" 302 0
[28/Aug/2011 17:03:28] "GET /village/ HTTP/1.1" 200 1531

Okay, turned out I was just looking from a wrong angle. The problem is not my 'character_toggle_rp_willing' for it saves the character as it should. But the view it redirects to does not retrieve the character-data from the database. Instead it uses the data stored in a session variable - the old data. And then there is a method called, that saves that old data, so nothing changes in the end... I guess I should look for a good debugger.