Django community: Community blog posts RSS
This page, updated regularly, aggregates Community blog posts from the Django community.
-
Record Last Access Not Just Last Login
Knowing when a person last logged in is great, except when it isn't. Sometimes you want to know when a user last actually used your app. Since you can stay continually logged in to Django sites we need an alternative way to know when a person was last on your site. If you are using class based views, and you should, then writing a mixin is a good way to go. LastAccessMixin from django.utils import timezone class LastAccessMixin(object): def dispatch(self, request, *args, **kwargs): if request.user.is_authenticated(): request.user.accessdata.last_access = timezone.now() request.user.accessdata.save(update_fields=['last_access']) return super(LastAccessMixin, self).dispatch(request, *args, **kwargs) What Does this Code Do? The first place class based views go is to the disatch method. This "dispatches" the request to the proper place. It determines what type of a request it is be it a GET, POST, HEAD etc. From there it goes to the appropriate method. def dispatch(self, request, *args, **kwargs): We are overriding the dispatch method because it is always called, and only once. We also want to use the dispatch method instead of say get because on some urls we might use a post method, then we wouldn't know the page was used. if request.user.is_authenticated(): request.user.accessdata.last_access = timezone.now() request.user.accessdata.save(update_fields=['last_access']) In the … -
Logging in to a Django site with a magic token
I have a simple video website for my kids and each kid has a separate login. This is so they can each have their own videos, but also so that some videos can be private (ie. hidden from the outside world, or other logged in users). I don't need crazy security though--it wouldn't be the end of the world if somehow someone guessed the magic token and saw some private videos, which are basically just home videos uploaded to Youtube. Videos that I really wouldn't want the public to see don't get uploaded to Youtube in the first place. I couldn't find how to do this easily, although one person on stackoverflow suggested "logging in the user in the view by calling login". The tricky part was figuring out that I had to set the User object's backend to 'django.contrib.auth.backends.ModelBackend'. It's a bit of a hack, but it works, and it's simple. models.py: class MagicToken(models.Model): user = models.OneToOneField(User) magictoken = models.CharField(max_length=128, unique=True) def __unicode__(self): return unicode(self.user) views.py: from django.http import HttpResponse, HttpResponseRedirect, Http404 import django.contrib.auth.login class MagicTokenLogin(View): def get(self, request, token): try: magic_token_obj = MagicToken.objects.get(magictoken=token) except MagicToken.DoesNotExist: raise Http404 user = magic_token_obj.user user.backend = 'django.contrib.auth.backends.ModelBackend' django.contrib.auth.login(request, user) … -
Two Scoops of Django 1.6 at DjangoCon Europe
Are you attending DjangoCon Europe? We have good news for you: DjangoCon Europe attendees can get a copy of Two Scoops of Django: Best Practices for Django 1.6 at the conference (pre-order required). How to Order Your Copy To order a copy for pickup at DjangoCon Europe, get it here: http://www.weezevent.com/djangocon-europe Note that you must pre-order it via that page, and that sales will close on May 1, 2014, 2 weeks before DjangoCon Europe. This is to give us an exact count of how many books to ship to DjangoCon Europe. Unfortunately, we can't sign or individualize these copies as they'll be sent directly from the drop shipper. The 1.6 edition is a thick book that is packed with tons of updated material. Feedback from those who already owned the 1.5 edition has been overwhelmingly positive. We honestly tried our hardest to provide a useful resource, and we hope it is greatly helpful to readers. Help a Speaker Attend Proceeds from sales of the book will be used to subsidize the expenses of a speaker on a low budget. As anyone who’s been a speaker at a conference knows, putting together a great talk is not easy. It can be … -
Two Scoops of Django 1.6 at DjangoCon Europe
Are you attending DjangoCon Europe? We have good news for you: DjangoCon Europe attendees can get a copy of Two Scoops of Django: Best Practices for Django 1.6 at the conference (pre-order required). How to Order Your Copy To order a copy for pickup at DjangoCon Europe, get it here: http://www.weezevent.com/djangocon-europe Note that you must pre-order it via that page, and that sales will close on May 1, 2014, 2 weeks before DjangoCon Europe. This is to give us an exact count of how many books to ship to DjangoCon Europe. Unfortunately, we can't sign or individualize these copies as they'll be sent directly from the drop shipper. The 1.6 edition is a thick book that is packed with tons of updated material. Feedback from those who already owned the 1.5 edition has been overwhelmingly positive. We honestly tried our hardest to provide a useful resource, and we hope it is greatly helpful to readers. Help a Speaker Attend Proceeds from sales of the book will be used to subsidize the expenses of a speaker on a low budget. As anyone who’s been a speaker at a conference knows, putting together a great talk is not easy. It can be … -
Two Scoops of Django 1.6 at DjangoCon Europe
Are you attending DjangoCon Europe? We have good news for you: DjangoCon Europe attendees can get a copy of Two Scoops of Django: Best Practices for Django 1.6 at the conference (pre-order required). How to Order Your Copy To order a copy for pickup at DjangoCon Europe, get it here: http://www.weezevent.com/djangocon-europe Note that you must pre-order it via that page, and that sales will close on May 1, 2014, 2 weeks before DjangoCon Europe. This is to give us an exact count of how many books to ship to DjangoCon Europe. Unfortunately, we can't sign or individualize these copies as they'll be sent directly from the drop shipper. The 1.6 edition is a thick book that is packed with tons of updated material. Feedback from those who already owned the 1.5 edition has been overwhelmingly positive. We honestly tried our hardest to provide a useful resource, and we hope it is greatly helpful to readers. Help a Speaker Attend Proceeds from sales of the book will be used to subsidize the expenses of a speaker on a low budget. As anyone who’s been a speaker at a conference knows, putting together a great talk is not easy. It can be … -
Apple OpenSSL Verification Surprises
Apple ships a patched version of OpenSSL with OS X. If no precautions are taken, their changes rob you of the power to choose your trusted CAs, and break the semantics of a callback that can be used for custom checks and verifications in client software. Abstract If OpenSSL’s certificate verification fails while connecting to a server, Apple’s code will intercept that error and attempt to verify the certificate chain itself with system trust settings from the keyring, potentially throwing away your verification results. Therefore: You can’t limit your trust to certain CAs using SSL_CTX_load_verify_locations. This apparently isn’t news but doesn’t appear to be widely known. Contrary to documentation, returning 0 from SSL_CTX_set_verify’s callback does not make the TLS handshake fail. That makes the callback unsuitable for extra verification purposes (such as hostname verification). MITRE has assigned CVE-2014-2234 for this issue. Apple was not interested in my bug report because they deprecated their OpenSSL years ago. Hence this summary together with work-arounds. The Verify Callback OpenSSL’s SSL_CTX_set_verify allows setting a callback function that is called for each certificate in the chain. It is invoked with the result of OpenSSL’s own verification of each certificate (1 for success, 0 for failure) … -
Apple OpenSSL Verification Surprises
Apple ships a patched version of OpenSSL with OS X. If no precautions are taken, their changes rob you of the power to choose your trusted CAs, and break the semantics of a callback that can be used for custom checks and verifications in client software. Abstract If OpenSSL’s certificate verification fails while connecting to a server, Apple’s code will intercept that error and attempt to verify the certificate chain itself with system trust settings from the keyring, potentially throwing away your verification results. Therefore: You can’t limit your trust to certain CAs using SSL_CTX_load_verify_locations. This apparently isn’t news but doesn’t appear to be widely known. Contrary to documentation, returning 0 from SSL_CTX_set_verify’s callback does not make the TLS handshake fail. That makes the callback unsuitable for extra verification purposes (such as hostname verification). MITRE has assigned CVE-2014-2234 for this issue. Apple was not interested in my bug report because they deprecated their OpenSSL years ago. Hence this summary together with work-arounds. The Verify Callback OpenSSL’s SSL_CTX_set_verify allows setting a callback function that is called for each certificate in the chain. It is invoked with the result of OpenSSL’s own verification of each certificate (1 for success, 0 for failure) … -
Changes in django-ckeditor repositories
I'm maintaining my django-ckeditor fork known on PyPi as django-ckeditor-updated. It works with latest Django versions, uses Django file storage, has some new features and fixes. Recently few people including me got write access to the original repository - shaunsephton/django-ckeditor and my commits were merged (not that the PyPi package is still old). When/if the original package will get new and constant releases I'll close my fork, but until then django-ckeditor-update is alive. If you have any issues or pull requests made on the original django-ckeditor please check if they are still valid for current codebase. -
GoDjango Blog and Release Schedule Modification
The addition of this blog should help people learn more about Django, more often. For a while now there hs been set of things I have wanted to be on GoDjango, but didn't necessarily think they were enough for a full video, or too specific. Goals of the Blog The ultimate goal is to make GoDjango one of the top three places on the internet to come to in order to learn django. To accomplish that here are some of the goals I see for the blog. I hope to provide tutorials about django in a new way Provide more transparency about what is going on with the site instead of a one way stream of communication Provide another avenue of learning django so there are many more topics. About the Blog Engine Itself This is a custom built blog engine I am creating for this site. However, I am creating it in an open way, but making it an installable app. I have named it dj-blog. The idea behind the installable app is to provide a basic blogging engine which is a bolt on, instead of something that almost takes over the entire code base. I plan to keep … -
Compile and Compress Assets with django-pipeline
Using things like CoffeeScript, Stylus, Less, SASS/SCSS, etc... Is becoming a more and more core part of development, but the problem usually is compiling these assets for use on our site. With django-pipeline this process is now much easier in both development and production. Learn the few easy steps it takes to get started with it.Watch Now... -
Einladung zur Django-UserGroup Hamburg am 12. März
Das nächste Treffen der Django-UserGroup Hamburg findet am Mittwoch, den 12.03.2014 um 19:30 statt. Dieses Mal treffen wir uns wieder in den Räumen der intosite GmbH im Poßmoorweg 1 (3.OG) in 22301 Hamburg. Die Organisation der Django-UserGroup Hamburg findet ab jetzt über Meetup statt. Um automatisch über zukünftige Treffen informiert zu werden, werdet bitte Mitglied in unserer Meetup-Gruppe: http://www.meetup.com/django-hh Für dieses Treffen ist ein Vortrag über Anpassungen im Django Admin geplant. Es werden Anpassungen gezeigt und erklärt, die über die dokumentierten Optionen hinausgehen. Bei Interesse kann ich außerdem ein wenig über erste Erfahrungen mit der Django 1.7 Alpha-Version und Mozilla-Circus als Prozessmanager berichten. Eingeladen ist wie immer jeder der Interesse hat sich mit anderen Djangonauten auszutauschen. Eine Anmeldung ist nicht erforderlich, hilft aber bei der Planung. Weitere Informationen über die UserGroup gibt es auf unserer Webseite www.dughh.de. -
Whew.
I work on a test automation framework at my day job. It's Django-powered, and there's a lot of neat stuff going on with it. I love building it! Anyway, yesterday during a meeting, I got an email from a co-worker who seemed to be in a bit of a panic. He wrote that he accidentally deleted the wrong thing, and, being Django on the backend, a nice cascading delete went with it (why he ignored the confirmation page is beyond me). He asked if we had any database backups that we could restore, also curious as to how long it would take. Well, lucky for him (and me!), I decided very early on while working on the project that I would implement a custom database driver that never actually deletes stuff (mostly for auditing purposes). Instead, it simply marks any record the user asks to delete as inactive, thus hiding it from the UI. Along with this, nightly database backups were put in place. I'll be quite honest--I had a moment of fear as I considered how long it had been since I really checked that either of these two things were still working as designed. I implemented the database … -
Django Debugging Bookmarklet Trick
Django Debugging Bookmarklet Trick -
Newsletter #1
February 17th, 2013 We Met Four Years Ago Today! We met at PyCon 2010 in Atlanta on February 17, 2010. Our life together has been wonderful ever since. On Daniel's blog is a recap of how we met and the days that followed. Two Scoops of Django 1.6 is a #1 Python Best Seller! On her blog, Audrey Roy covers the success of Two Scoops of Django 1.6 on Amazon. A week since launch, some hours we're #1 and other hours Mark Lutz's famous Learning Python is in the lead. Our 1.6 edition will be the last ever update to Two Scoops of Django (see our FAQ). It's greatly expanded and full of good stuff. Jason Meridth Wins the Gelato Contest! For the launch we ran a contest, with instructions slightly hidden in the long change list. Readers had to identify the location of our gelato referenceand report it on GitHub. Jason Meridth rose to the occasion and won the prize. When we asked Jason for his snail mail address so we could send him a book, he responded asking that we donate the book to a developer in need instead. Needless to say, we're impressed by his sense of … -
Newsletter #1
February 17th, 2013 We Met Four Years Ago Today! We met at PyCon 2010 in Atlanta on February 17, 2010. Our life together has been wonderful ever since. On Daniel's blog is a recap of how we met and the days that followed. Two Scoops of Django 1.6 is a #1 Python Best Seller! On her blog, Audrey Roy covers the success of Two Scoops of Django 1.6 on Amazon. A week since launch, some hours we're #1 and other hours Mark Lutz's famous Learning Python is in the lead. Our 1.6 edition will be the last ever update to Two Scoops of Django (see our FAQ). It's greatly expanded and full of good stuff. Jason Meridth Wins the Gelato Contest! For the launch we ran a contest, with instructions slightly hidden in the long change list. Readers had to identify the location of our gelato referenceand report it on GitHub. Jason Meridth rose to the occasion and won the prize. When we asked Jason for his snail mail address so we could send him a book, he responded asking that we donate the book to a developer in need instead. Needless to say, we're impressed by his sense of … -
Newsletter #1
February 17th, 2013 We Met Four Years Ago Today! We met at PyCon 2010 in Atlanta on February 17, 2010. Our life together has been wonderful ever since. On Daniel's blog is a recap of how we met and the days that followed. Two Scoops of Django 1.6 is a #1 Python Best Seller! On her blog, Audrey Roy covers the success of Two Scoops of Django 1.6 on Amazon. A week since launch, some hours we're #1 and other hours Mark Lutz's famous Learning Python is in the lead. Our 1.6 edition will be the last ever update to Two Scoops of Django (see our FAQ). It's greatly expanded and full of good stuff. Jason Meridth Wins the Gelato Contest! For the launch we ran a contest, with instructions slightly hidden in the long change list. Readers had to identify the location of our gelato referenceand report it on GitHub. Jason Meridth rose to the occasion and won the prize. When we asked Jason for his snail mail address so we could send him a book, he responded asking that we donate the book to a developer in need instead. Needless to say, we're impressed by his sense of … -
Improving PostgreSQL support in Django with the help of Kickstarter crowd-funding
Some may already know about this - on Kickstarter there is a fund raising for implementing improved PostgreSQL support in Django. Marc Tamlyn is in the lead and at this very moment there are 25 days to go and the project is already reaching extended goals. It looks like we will see another crowd-funding project successful, making Django better. First one - the Django migrations is on its way for a release with Django 1.7. -
Django blog tutorial - the next generation - part 4
Hello again! As promised, in this instalment we’ll implement categories and tags, as well as an RSS feed. As usual, we need to switch into our virtualenv: $ source venv/bin/activate Categories It’s worth taking a little time at this point to set out what we mean by categories and tags in this case, as the two can be very similar. In this case, we’ll use the following criteria: A post can have only one category, or none, but a category can be applied to any number of posts A post can have any number of tags, and a tag can be applied to any number of posts If you’re not too familiar with relational database theory, the significance of this may not be apparent, so here’s a quick explanation. Because the categories are limited to one per post, the relationship between a post and a category is known as one-to-many. In other words, one post can only have one category, but one category can have many posts. You can therefore define the categories in one table in your database, and refer to them by their ID (the reference to the category in the post table is referred to as a … -
The Appendix That Didn't Survive
One of the suggestions we received for new material for Two Scoops of Django: Best Practices for Django 1.6 was a list of links from the book. Thinking this was a good idea and worth a few pages, we decided the list could go into a new portion: 'Appendix G: Links'. Near the end of the project I wrote a script that generated the new appendix. I generated the list and discovered even without any sort of organization besides alphabetization, the content added 12 pages. Think about that for a second... 12 pages of links. I don't know about you, but if I bought a book with 12 pages of links I would scream 'filler'! The decision then was to cut Appendix G from the book. It didn't survive. Or did it? For the sake of posterity, I've included a version of the code used to get the links out of Two Scoops. Instead of generating LaTeX, this generates an HTML list of links from Two Scoops of Django 1.6. Enjoy! Below is the result of that code. Start scrolling! 12factor.net/config 12factor.net 2scoops.co/1.5-transaction-recipe 2scoops.co/1.6-additional-security-topics 2scoops.co/1.6-admindocs 2scoops.co/1.6-allowed-hosts 2scoops.co/1.6-cached_property 2scoops.co/1.6-cbv-generic-display 2scoops.co/1.6-cbv-generic-editing 2scoops.co/1.6-cbv-mixins 2scoops.co/1.6-change-list 2scoops.co/1.6-code 2scoops.co/1.6-coding-style 2scoops.co/1.6-cookie-based-sessions 2scoops.co/1.6-custom-user-model-example 2scoops.co/1.6-db-optimization 2scoops.co/1.6-docs-on-html-scraping 2scoops.co/1.6-errata/ 2scoops.co/1.6-errata 2scoops.co/1.6-format_html … -
The Appendix That Didn't Survive
One of the suggestions we received for new material for Two Scoops of Django: Best Practices for Django 1.6 was a list of links from the book. Thinking this was a good idea and worth a few pages, we decided the list could go into a new portion: 'Appendix G: Links'. Near the end of the project I wrote a script that generated the new appendix. I generated the list and discovered even without any sort of organization besides alphabetization, the content added 12 pages. Think about that for a second... 12 pages of links. I don't know about you, but if I bought a book with 12 pages of links I would scream 'filler'! The decision then was to cut Appendix G from the book. It didn't survive. Or did it? For the sake of posterity, I've included a version of the code used to get the links out of Two Scoops. Instead of generating LaTeX, this generates an HTML list of links from Two Scoops of Django 1.6. Enjoy! Below is the result of that code. Start scrolling! 12factor.net/config 12factor.net 2scoops.co/1.5-transaction-recipe 2scoops.co/1.6-additional-security-topics 2scoops.co/1.6-admindocs 2scoops.co/1.6-allowed-hosts 2scoops.co/1.6-cached_property 2scoops.co/1.6-cbv-generic-display 2scoops.co/1.6-cbv-generic-editing 2scoops.co/1.6-cbv-mixins 2scoops.co/1.6-change-list 2scoops.co/1.6-code 2scoops.co/1.6-coding-style 2scoops.co/1.6-cookie-based-sessions 2scoops.co/1.6-custom-user-model-example 2scoops.co/1.6-db-optimization 2scoops.co/1.6-docs-on-html-scraping 2scoops.co/1.6-errata/ 2scoops.co/1.6-errata 2scoops.co/1.6-format_html … -
The Appendix That Didn't Survive
One of the suggestions we received for new material for Two Scoops of Django: Best Practices for Django 1.6 was a list of links from the book. Thinking this was a good idea and worth a few pages, we decided the list could go into a new portion: 'Appendix G: Links'. Near the end of the project I wrote a script that generated the new appendix. I generated the list and discovered even without any sort of organization besides alphabetization, the content added 12 pages. Think about that for a second... 12 pages of links. I don't know about you, but if I bought a book with 12 pages of links I would scream 'filler'! The decision then was to cut Appendix G from the book. It didn't survive. Or did it? For the sake of posterity, I've included a version of the code used to get the links out of Two Scoops. Instead of generating LaTeX, this generates an HTML list of links from Two Scoops of Django 1.6. Enjoy! Below is the result of that code. Start scrolling! 12factor.net/config 12factor.net 2scoops.co/1.5-transaction-recipe 2scoops.co/1.6-additional-security-topics 2scoops.co/1.6-admindocs 2scoops.co/1.6-allowed-hosts 2scoops.co/1.6-cached_property 2scoops.co/1.6-cbv-generic-display 2scoops.co/1.6-cbv-generic-editing 2scoops.co/1.6-cbv-mixins 2scoops.co/1.6-change-list 2scoops.co/1.6-code 2scoops.co/1.6-coding-style 2scoops.co/1.6-cookie-based-sessions 2scoops.co/1.6-custom-user-model-example 2scoops.co/1.6-db-optimization 2scoops.co/1.6-docs-on-html-scraping 2scoops.co/1.6-errata/ 2scoops.co/1.6-errata 2scoops.co/1.6-format_html … -
API First
Recently, we were faced with the task of writing an API-first web application in order to support future mobile platform development. Here’s a summary of the project from the point of view of one of the developers. Agile API For the first couple of iterations, we had problems demonstrating the project progress to the customer at the end of iteration meetings. The customer on this project was extremely understanding and reasonably tech-savvy but despite that, he remained uninterested in the progress of the API and became quite concerned by the lack of UI progress. Although we were busy writing and testing the API code sitting just beneath the surface, letting the customer watch our test suite run would have achieved nothing. It was frustrating to find that, when there was nothing for the customer to click around on, we couldn’t get the level of engagement and collaboration we would typically achieve. In the end, we had to rely on the wireframes from the design process which the customer had signed off on to inform our technical decisions and, to allay the customer’s fears, we ended up throwing together some user interfaces which lacked any functionality purely to give the illusion … -
Django and Invalid HTTP_HOST headers with nginx
Django has had a setting for allowed hostnames for a while [1], but starting with the 1.5 release it was required [2] to set it. I'm not sure why I only started getting Invalid HTTP_HOST header emails after my upgrade to 1.6, but anyway, they started pouring in. It's a litte confusing why anybody would try to access one of my sites with a fake hostname, but fixing this is easy enough. The example below uses nginx' catch-all server name feature [3]. Raw server { listen 80 default_server; server_name _; rewrite ^/(.*) http://example.com/$1 permanent; } -
Django and Invalid HTTP_HOST headers with nginx
Django has had a setting for allowed hostnames for a while [1], but starting with the 1.5 release it was required [2] to set it. I'm not sure why I only started getting Invalid HTTP_HOST header emails after my upgrade to 1.6, but anyway, they started pouring in. It's a litte confusing why anybody would try to access one of my sites with a fake hostname, but fixing this is easy enough. The example below uses nginx' catch-all server name feature [3]. Raw server { listen 80 default_server; server_name _; rewrite ^/(.*) http://example.com/$1 permanent; } -
Create a blog in minutes on App Engine with Django and Cloud Sql
Intro Django was actively supported at an early stage of the Python runtime in App Engine SDK through the notable django-nonrel framework, a fork of the original project that adds support for NoSql databases. But starting from the App Engine SDK 1.6.2, released more than two years ago, you can instead deploy Django’s official releases and take advantages from the whole stack using Google Cloud Sql. Case study We’re going to setup a minimal project using Zinnia, a blog engine built on top of Django and a fairly complex web application that leverages several components of the framework, a good benchmark for showing how easy can be deploying on App Engine. Prerequisites Setting up the Google Cloud services goes beyond the scope of this article and is well documented, as well as having a working Python environment, so the following it’s assumed: you already started a Google Cloud project a Google Cloud Sql instance is up and running and you created a database for this project you created a bucket on Google Cloud Storage to store media files you have a working installation of Python 2.7 and pip on your local machine you installed and configured the Python App Engine …