Django auto submit form? - django

I want to know if I can submit a form in django without user interaction so that it acts just like when a user posts a form. Here is my situation:
User submits data to payment gateway.
Payment gateway responds with data which has to be validated.
User redirected to payment gateway and more data has to be posted to gateway.
One option for me is to render another form for the user after step 2 which can then be used to post the data and redirect for step 3. However the user has to click a button again.
I couldn't find anything relevant to my situation about submitting forms with django.
Is there a way I can do this without the user interacting again for ease of use?

Related

Django: Track specific user actions

How can I track specific user actions with Django.
For example:
user logged in
user changes password
user visited a specific page
rest api call within a specific view took 300ms
user deleted / updated / created a specific model
Is there a nice third party app which can do this for me and display this information in an human readable admin interface or at least in django-admin?
If there is no app out there. How would you do this with Django?

How to send notification from admin to user in Django

I am building an online shopping website using Django framework. I want to implement an order approval system where Django Admin will approve the order request from the user and at that time a notification or message will be sent to the user.
Currently I have an order request model with an order status field. When the value of that field will be set approved by the admin a notification will be sent to that user.
I want a push notification system here. How can I implement this in Django?

How to keep form data through login process?

To optimize my page I want users to be able to fill out forms without being logged in, but then ask them for their password upon submission. I already know I can use &next= to redirect the user, but then all the POST data of the form is lost. Is there any built in way to have the user login and then resume to where he has been including post data he just sent?
If you have also file in form, then session is not useful for you.
Second solution is save data into models and after login, you can use saved data to link with logged in user as said by #doniyor.
The best way is to use django-formwizard.
Django comes with an optional “form wizard” application that splits forms across multiple Web pages. It maintains state in one of the backends so that the full server-side processing can be delayed until the submission of the final form.
Here the link.
https://docs.djangoproject.com/en/1.7/ref/contrib/formtools/form-wizard/

Avoiding POST forgery on a Django site

I'm experimenting with a way of knowing the specific twitter identities of my site's users even though they're not logged in. And would like the help of the community to find out how I could reduce the possibility of impersonation.
The main idea is that a user comes to the main page, fills a form, and clicks on a "tweet this" button as a way to submit the form. That opens up a popup where the user sees a pre-filled message: "I just submitted this form" and tweets it. This popup resides on twitter.com. No oauth is involved here. When the tweet is done, twitter sends back the id of the tweet that was just created to a javascript callback function on the web page. This javascript function ajax POSTs the form fields as well as the tweet id to a handler on the server.
The server then fetches the twitter information of that tweet including the user info and saves the form info with a foreign key to the user.
What I want to avoid is for an impersonator to come to the page, fill up the form with junk, and manually POST the form including a tweet id to an unrelated tweet from another user.
Django, which I'm using, has something called CSRF tokens to avoid impersonators from doing POST calls without loading the page. But I'm not sure if this would also prevent users who load the page (and see the csrf token) to fake the POST.
The main thing I want to avoid is for people to associate a twitter id that is not theirs with a for that they post.
Looking forward to your suggestions of some creative ways to solve this or to poke holes at my thinking.

django-registration with paypal integration

I'm trying to figure out how to integrate django-registration with django-paypal. Being a Django n00b, I'm trying to figure out how to implement a flow like this:
User signs up using django-registation with 'active' flag set to 0
After registering, send user to PayPal for a subscription
When they come back from PayPal successfully, I want to set 'active' to 1
I've been looking at the django-registration documentation and don't quite understand how to use different backends or implement a flow the way I want.
Any tips on how to accomplish this would be greatly appreciated. django-paypal won't be a problem for me as I've done PayPal integration before (in PHP for a self-published book about CakePHP).
To have registration not send an email you pass send_email=False to the RegistrationManager.create_inactive_user call in your view to register a user. After you create the user, you probably want to create a landing page with the paypal buttons for payment. Instruct the user to click a payment button to pay. Generally I send the user.id in the custom field for the payment button.
Then, in django-paypal, use the IPN signal handlers to activate the user based on the user.id in the custom field of the IPN query. You might want to send a modified registration email at this point, welcoming the user to your site and telling them you have received payment and have activated their account, but those are details for you to define.