I'm implementing a simple referral system. I have middleware which sets a session variable identifying the referring user. I have a model which ties a referring user to the referred user. I'm trying to use the post_save signal from the User object to populate this model. How do I access the session object from within the post_save signal handler?
There is no way without using a thread-specific global variable.
But I'm not sure you need to. For my referral and invite system I just have the user register as normal and after the user has been created, get the referral out of the session. In almost all situations it will still be the same session.
If there is something about your session that prevents that, I would instead add it to the create user form.
You may find useful documentation on using sessions out of views.
Related
I'm writing a web application with Django framework. This web application is API based and I'm using Django rest_framework. I have a security issue: On the first page, the user must solve a Recaptcha. After solving the Recaptcha my site gives a session ID to the user and after this, the user must post this session ID in the body of all his/her API calls and every API can be called just once with a specific session ID. In other words, I have a state machine for the APIs being called by the user and in each state, the user can call the APIs which have corresponding outgoing edges from that state.
The purpose of all of the above procedures is preventing the user from crawling my website. (User can't call an API many times with a session ID and he/she should act as a normal user and call every API at most two or three times)
Now my question is: how should I handle this in my Django app? Before this, I just used the ordinary Django session middleware for handling sessions. Should I handle the authentication process and the passing and getting of the session ID completely manually, or is there a way to use that middleware so that it can handle my procedure?
You can do this simply by saving your user's state and, in each step, updating the user's state and considering the next states the user can see.
Use custom permission classes for your APIViews to block such requests.
Read more here https://www.django-rest-framework.org/api-guide/permissions/#custom-permissions
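The state-machine check described in the question and answers above, as an added example that is not part of the original posts. The state names, API names, transition table and call limit are hypothetical; `session` is any dict-like object such as Django's `request.session`, and `authorize_call` is the kind of function a DRF custom permission's `has_permission(self, request, view)` could call.

```python
import secrets

# Hypothetical flow: state -> {api_name: next_state}. Constructed for illustration.
TRANSITIONS = {
    "captcha_solved": {"search": "searched"},
    "searched": {"search": "searched", "detail": "viewed"},
    "viewed": {"search": "searched"},
}
MAX_CALLS_PER_API = 3  # the question allows each API "at most two or three times"


def start_flow(session):
    """Call once, after the reCAPTCHA response has been verified server-side."""
    session["flow"] = {
        "state": "captcha_solved",
        "calls": {},
        "token": secrets.token_urlsafe(32),
    }
    return session["flow"]["token"]


def authorize_call(session, api_name, presented_token):
    """Return (allowed, next_token); the token is single-use and rotates on success."""
    flow = session.get("flow")
    # compare_digest only accepts ASCII str, so reject anything else up front.
    if not flow or not isinstance(presented_token, str) or not presented_token.isascii():
        return False, None
    if not secrets.compare_digest(flow["token"], presented_token):
        return False, None  # unknown or already-used token (replay)
    next_state = TRANSITIONS.get(flow["state"], {}).get(api_name)
    used = flow["calls"].get(api_name, 0)
    if next_state is None or used >= MAX_CALLS_PER_API:
        return False, None  # no such edge from this state, or quota exhausted
    flow["calls"][api_name] = used + 1
    flow["state"] = next_state
    flow["token"] = secrets.token_urlsafe(32)  # previous token is now useless
    # Reassign the key: Django only marks a session modified on direct
    # assignment or deletion, not on mutation of a nested dict.
    session["flow"] = flow
    return True, flow["token"]
```

The state lives server-side in the session, so the client only ever holds the current one-time token and cannot skip or repeat a step by editing the request body.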
I need to show users some banners depending on certain situations. One of those situations is the moment when the user has just logged in.
How can I detect the login moment in a Django 1.4 context processor? I know about the django.contrib.auth.signals.user_logged_in signal, but I have no idea how I can check it in a context processor.
How can I do this? Or are there other ways to detect a user's login event in a context processor?
Maybe there is a way to create a signal handler which will set some variable in the request object, and in the context processor I would check it. Or some other way.
You can set session in login view, and destroy it after use.
I am working on a Django site where people create articles. I'd like for people to be able to create an article as part of the registration process. Here's the steps:
User hits "create article" without being registered or logged in.
User is directed to "create article" page that displays the form for creating the article.
After hitting the "submit" button on the "create article" form, the user is redirected to the registration / login page.
After the registration process or login, the article is saved under the user's ID.
I'm pretty new to Django, so here are the complications so far as I'm concerned:
Do I save the object with an AnonymousUser as the author until after the login process? How would I find the object again so that I can save it to the User after they're logged in or registered? Is there any kind of unique identifier in an AnonymousUser object?
Should I pass the object through the registration process using URLs until the registration has taken place (to then save it)? How does one do that?
There are a couple of ways to do what you're wanting to do. I would exclude the user from your create Article form, and set user to blank=True, null=True.
It's really up to you as to whether or not you just hold the article in session until after you create your user, or persist it to the database and assign the user after.
One benefit of holding it in session is that if the user abandons the registration process, you don't have a record in the database. I would recommend going this way, as it's easy to do, and you don't have to have any logic to clean up your db, should the user abandon the session.
To specifically answer your question about an anonymous user...no, there is not a unique identifier for an anonymous user. You can use sessions in Django to persist objects between views.
"Should I pass the object through the registration process using URLs until the registration has taken place (to then save it)? How does one do that?"
The above suggestion that has been made to you is the better solution, but don't pass it in the URL. There are two ways to successfully do that.
You can pass the object through a session variable, so that no one will ever notice it, instead of passing it in the URL.
You can determine which object you must get through their IP address.
Is there a way to access the request.user in either models.py or in a signal handler?
I'm using the m2m_changed signal and defining it in my models.py - I'd like to access the logged in user there.
Is there a way to do this?
I'm assuming the user making a change is not necessarily the record owner or author. This means model lookups are useless and you need to pass this data via the signal.
A good way to do this is to create a custom signal which has the current user as one of its attributes and emit it in view code when the data is being saved.
I have several notifications that can be sent out from my Django application for users. These users are managed with the django.contrib.auth app.
I need to keep track, for each one, of whether the user has specified he/she wants to get that notification.
Where should I save this information?
I was going to create my own custom table but I've seen perhaps I can save that information somewhere in the auth module?
User Profiles are a good way to go.
https://docs.djangoproject.com/en/dev/topics/auth/#storing-additional-information-about-users
Set up a model with a OneToOneField to your User object as described and you have easy access to an arbitrary table of extra information.
PS: Heed the note about the fact that profiles are not automatically created. There is an example about how to use a Signal to automatically create one whenever a User is created.