I've been working through an issue with my django project. The issue is I've got one project, which will retrieve data for users of different clients. I need to know 'from where' a viewer is coming from (request.path [my original solution]). I've been looking at a number of different options which sound close to what I want to do, but I'm not sure what the best option is, not having done this before.
My first option was to add a url in the urls.py with a 'tag' or 'keyword' then look for that tag/keyword in the request.path, which I'd add as a session key. Then go onto get the data.
Something else I started looking at was the sites framework. After reading through the documentation, I'm still confused how sites actually works, so I'm not sure if this is the right option.
Another solution talked about using middleware, this came up in connection with the research into using the sites framework.
And then yet another talked about doing this in apache.
Could some one help point me in the right direction?
Cheers,
T
If you need to know from which URL came your user to your currrent page you should check the REFERER http header, available in request.META.get('HTTP_REFERER').
See http://docs.djangoproject.com/en/1.2/ref/request-response/#ref-request-response for more informations.
Be careful though, the referer meta is not mandatory and could be missing due to private browsing or direct access to the page from the URL bar.
It's not completely clear from your question, but if you're asking for the URL that the user was on before coming to the current page, you probably want request.META['HTTP_REFERRER'].
Edit after comment
That would be a very bad idea. Global variables are not safe given that you potentially have multiple requests being processed at the same time. The referrer is already available from the request, which can be accessed in all views and templates, so I don't know what else a middleware would give you.
Related
Forgive me if the wording here is a bit odd. I have a fair amount of experience with python, but I'm pretty new to Django and still trying to get my sea legs.
I've inherited a PHP site from the former System admin at my new job, and I want to rework it into a django app to simplify/cleanup the code.
The PHP site is using .htaccess file with Pubcookie apache module for authentication (as well as some basic checks in the php code to ensure the user checks out against a database of authorized users, but that part i'm less concerned with), and looks like this:
AuthType SecureID
require valid-user
PubcookieAppID "name of the app"
In my apache configs, I have various pubcookie definitions.
LoadModule pubcookie_module /usr/lib/apache2/modules/mod_pubcookie.so
PubcookieGrantingCertFile /usr/local/pubcookie/keys/pubcookie_granting.cert
PubcookieSessionKeyFile /etc/ssl/private/akey.pem
PubcookieSessionCertFile /etc/ssl/certs/acert.pem
PubcookieLogin https://weblogin.domain.com/
PubcookieLoginMethod POST
PubcookieDomain .domain.com
PubcookieKeyDir /usr/local/pubcookie/keys/
PubcookieAuthTypeNames ADUserID null SecurID
My question is...How do I implement this sort of thing on the python end? I have looked at using RemoteUserMiddleware, or PersistentRemoteUserMiddleware.
But most of the information I have found for that doesn't go into great detail about how to actually point your app at the correct login page. The official documentation seems to stop at adding the middleware under middleware in the settings.py file in the django project.
It also bare's mentioning that the weblogin.domain.com is handled by another group that I don't have direct access to, and is not one of my servers so I can't really poke around there.
I realize this is...extremely broad, but any information that could point me in the right direction would be appreciated.
In an ideal scenario, I would like to be able to restrict different views to different authtypes, but I'd be happy to get anything working sensibly.
So, For what it's worth. The answer was to use pubcookie with apache as normal. then use RemoteUserMiddleware or PersistentRemoteeUserMiddleware as expected. As it turns out you don't have to handle any outside configuration for the middleware, it just imports whats shoved at it.
Finally the piece I was really missing, information from apache/pubcookie authentication can be accessed with request.META library from inside django code
I have built my first Django App! It is built to help my business track inventory. As such, I would not like it to be publicly available.
Maybe someday I will set up multiple user accounts, etc, but for now I really just need a basic password gate to get it up and running.
Does anyone have any middleware that works for this? All the solutions that I am finding are pretty old and they do not seem to work with the latest version of Django.
If you just need a single username/password couple, handling it directly via HTTP authentication in your webserver configuration will be the easiest way to achieve this. The benefits of this approach are:
You can set it up in 5 minutes: example with nginx, example with apache
You don't have to write code you'll delete later
It will protect all your website, including static files, third-party apps, admin, etc.
I found an answer that worked for me posted here:
#login_required for multiple views
Make sure the LOGIN_REQUIRED_URLS_EXCEPTIONS path is correctly set to your login page.
I've done research on Django Postman and it seems to be the most solid private user to user messaging platform out there. I've looked at the Django Postman documentation but it's very template orientated. For developers who use Django as a back end and only care about the views.py and urls.py, the documentation doesn't say much.
I did however find this: https://bitbucket.org/psam/django-postman/src/6ff9fdf9c33f7365a7235a789af2e47f47d9c4fa/postman/views.py?at=default
It seems pretty promising so I'm going to give it a try. My only issue is how can one set up the postman views in views.py and the urls in urls.py to create a messaging system similar to Facebook's?
(ie. A thread like messaging conversation system, a central inbox where all the messages come together from each user showing the last message from each user, messages in the inbox are sorted by conversation rather than the message, the time of the last message sent, allowing multiple recipients)
Below I've posted a picture of Facebook's messaging platform. This is what I am essentially trying to achieve with Django Postman.
Facebook Example http://screenshots.en.sftcdn.net/en/scrn/73000/73077/facebook-19-371x535.jpg
If you have any pointers, hints and ideas on how I can set up the views.py, I would greatly appreciate it! Thank You
I've run into this issue before.
You need to strictly override some of the views in there by clonning/forking the project and install it from your own location, because as you noted, postman is template-oriented because it's meant to only get the needed templates configured and a few settings. I mean, the backend is meant to work as is.
What you need to do is override stuff like:
Message model's recipient field to be a ManyToManyField
customize the views based on your needs and be careful with Message.replied_at
make sure you allow a user to reply to their own messages (by default, it was not allowed when I ran into this, not sure now)
Depending on your needs, maybe you'll want to override something else, but this is a good start. If you need it facebook-like, you'll need to use some push libraries as Pusher or Juggernaut, maybe you're interested in them also.
Good luck! :)
I have a website that I built using Django. Using the settings.py file, I send myself error messages that are generated from the site, partly so that I can see if I made any errors.
From time to time I get rather strange errors, and they seem to mostly be around about the same area of the site (where I wrote a little tutorial trying to explain how I set up a Django Blog Engine).
The errors I'm getting all appear like something I could have done in a typo.
For example, these two errors are very close together. I never had an 'x' or 'post' as a variable on those pages.
'/blog_engine/page/step-10-sub-templates/{{+x.get_absolute_url+}}/'
'/blog_engine/page/step-10-sub-templates/{{+post.get_absolute_url+}}/'
The user agent is:
'HTTP_USER_AGENT': 'Mozilla/5.0 (compatible; Purebot/1.1; +http://www.puritysearch.net/)',
Which I take it is a scraper bot, but I can't figure out what they would be able to get with this kind of attack.
At the risk of sounding stupid, what should I do? Is it a hack attempt or are they simply trying to copy my site?
Edit: I'll follow the advice already given, but I'm really curios as to why someone would run a script like this. Are they just trying to copy. It isn't hitting admin pages or even any of the forms. It would seem like harmless (aside from potential plagiarism) attempts to dig in and find content?
From your USER_AGENT info it looks like this is a web spider from puritysearch.net.
I suggest you do is put a CAPTCHA code in you website. Program it to trigger when something tries to access 10 pages in 10 seconds (mostly no humans would do this or figure out a proper criteria to trigger your CAPTCHA).
Also, maintain robots.txt file which most crawlers honor. Mention your rules in robots.txt. You can say the crawlers to keep off certain busy sections of your site etc.
If the problem persists, you might want to contact that particular site's system admin & try to figure out what's going on.
This way you will not be completely blocking crawlers (which are needed for your website to become popular) and at the same time you are making sure that your users get fast experience on your site.
Project HoneyPot has this bot listed as a malicious one http://www.projecthoneypot.org/ip_174.133.177.66 (check the comments there) and what you should probably do is ban that IP and/or Agent.
For a project I'm working on, we're still undecided whether the site will launch on an invite-only basis, or be open to the general public immediately. Notwithstanding the management of invites, how would one go about to render a public site invite-only in Django?
One way I can come up with is adding #login_required to all views, but that seems to be too labour intensive... In other words, is there a way to restrict the use of the site to those who have login credentials in one swoop?
Thanks in advance!
Have you looked at the privatebeta application (PyPI, GitHub)? It seems like that does what you are looking for. Otherwise you can at least have a look at their middleware component to base your code on.
Perhaps you could use signals to catch people that are not logged in:
http://docs.djangoproject.com/en/dev/ref/signals/#django.core.signals.request_started
Or you could fiddle with the urlpatterns somehow, so that the urlpatterns list only contains the required login stuff when you're not logged in. That would work, right?