Recently, we used Django REST Framework to build the backend for an API-first web application. Here I’ll attempt to explain why we chose REST Framework and how successfully it helped us build our software. Why Use Django REST Framework? RFC-compliant HTTP Response Codes Clients (javascript and rich desktop/mobile/tablet applications) will more than likely expect your REST service endpoint to return status codes as specified in the HTTP/1.1 spec. Returning a 200 response containing {‘status’: ‘error’} goes against the principles of HTTP and you’ll find that HTTP-compliant javascript libraries will get their knickers in a twist. In our backend code, we ideally want to raise native exceptions and return native objects; status codes and content should be inferred and serialised as required. If authentication fails, REST Framework serves a 401 response. Raise a PermissionDenied and you automatically get a 403 response. Raise a ValidationError when examining the submitted data and you get a 400 response. POST successfully and get a 201, PATCH and get a 200. And so on. Methods You could PATCH an existing user profile with just the field that was changed in your UI, DELETE a comment, PUT a new shopping basket, and so on. HTTP methods exist ...

Since few days we have Django 1.7 beta, which brings many changes including built in migrations system. At the company we have one quite new project that is still in development so we decided to use it as a guinea pig and use Django 1.7b1 for it. The upgrade from 1.6 wasn't that problematic, but it required some search-and-fix actions...

上周 Django 1.7 beta 1 released，这是Django 1.7正式版发布周期的一个重要里 […]

Django-filter is a powerful tool, but the documentation is a little sparse. If you want to see examples of custom Filters you have to dive into the source code. I recently wanted to add a filter for methods on a custom QuerySet. Unlike custom managers, custom QuerySets allow you to chain methods. You can read this introduction or refer to the official documentation (at the time of this writing 1.7 wasn't released yet). Here is a short example of what's possible: Product.products.in_stock().price_below(100).has_color('red') You get the idea, it's just a convenient way to write shorter code. So I had my methods and wanted to use them with django-filter, but it took a while to figure out how. After some digging I took the DateRangeField class as a blueprint (0.7 source) and came up with this filter: class QuerySetFilter(django_filters.ChoiceFilter): def __init__(self, options, *args, **kwargs): self.options = options kwargs['choices'] = [ (key, value[0]) for key, value in six.iteritems(self.options)] super(QuerySetFilter, self).__init__(*args, **kwargs) def filter(self, qs, value): method = self.options[value][1]['method'] if 'args' in self.options[value][1]: args = self.options[value][1]['args'] else: args = () if 'kwargs' in self.options[value][1]: kwargs = self.options[value][1]['kwargs'] else: kwargs = {} if method == '': return qs elif not hasattr(qs, method): raise Exception("Improperly configured", ...

Today I was adding tox and Travis-CI support to a Django project, and I ran into a problem: our project doesn’t have a setup.py. Of course I could have added one, but since by convention we don’t package our Django projects (Django applications are a different story) – instead we use virtualenv and pip requirements files - I wanted to see if I could make tox work without changing our project. Turns out it is quite easy: just add the following three directives to your tox.ini. In your [tox] section tell tox not to run setup.py: skipsdist = True In your [testenv] section make tox install your requirements (see here for more details): deps = -r{toxinidir}/dev-requirements.txt Finally, also in your [testenv] section, tell tox how to run your tests: commands = python manage.py test Now you can run tox, and your tests should run! For reference, here is a the complete (albeit minimal) tox.ini file I used: [tox] envlist = py27 skipsdist = True [testenv] deps = -r{toxinidir}/dev-requirements.txt setenv = PYTHONPATH = {toxinidir}:{toxinidir} commands = python manage.py test The post Using tox with Django projects appeared first on David Murphy.

I was recently working on a very CRUDy prototype and decided to use some Django applications and tools together I hadn't combined before: Django-tables2, an excellent application that allows you to quickly build tables Django-filter for easy filtering Django-crispy-forms for easy form creation A view that uses all three apps together could look like this: class FooTableView(TemplateView): template_name = 'myapp/foo_list.html' def get_queryset(self): return Foo.objects.all() def get_context_data(self, **kwargs): context = super(FooTableView, self).get_context_data(**kwargs) filter = FooFilter(self.request.GET, queryset=self.get_queryset()) filter.form.helper = FooFilterFormHelper() table = FooTable(filter.qs) RequestConfig(self.request).configure(table) context['filter'] = filter context['table'] = table return context While this is a basic example there's still a lot going on. The get_context_data method gets called automatically by the TemplateView and populates that template context with our filter and table objects. At first we create an instance of FooFilter and pass it the request's GET data, and the queryset to work on. The filter does what you'd expect and filters the queryset. The filter object also includes a form that's used to filter the data. We inject a crispy form helper to style the form. At last we create the table object based on our filtered queryset and configure it. Displaying everything on the frontend now becomes as easy ...

Django is renowned for being a powerful web framework with a relatively shallow learning curve, making it easy to get into as a beginner and hard to put down as an expert. However, when class-based generic views arrived on the scene, they were met with a lukewarm reception from the community: some said they were too difficult, while others bemoaned a lack of decent documentation. But if you can power through the steep learning curve, you will see they are also incredibly powerful and produce clean, reusable code with minimal boilerplate in your views.py. So to help you on your journey with CBVs, here are some handy tips I wish I had known when I first started learning all about them. This isn’t a tutorial, but more a set of side notes to refer to as you are learning; information which isn’t necessarily available or obvious in the official docs. Starting out If you are just getting to grips with CBVs, the only view you need to worry about is TemplateView. Don’t try anything else until you can make a ‘hello world’ template and view it on your dev instance. This is covered in the docs. Once you can handle ...

A year ago today Malcolm Tredinnick, core contributor to Django suddenly passed away. He was a mentor, and more importantly, a good friend. Here are some of my memories of Malcolm. DjangoCon US: September 2010 This is where Audrey and I first met Malcolm. We ended up spending a good amount of the conference with him just hanging out and having a good time. I remember being honored that such a luminary want to spend time with us, yet more importantly discovering a good friend. During the conference, he peered into the nascent code base of djangopackages.com and asked some pointed questions. We justified a few design decisions, and he nodded and we saw him using similar techniques later. He also gave us some great pointers on things we could do, and I believe we implemented all of them. Summer to Autumn of 2010 Malcolm and I worked together on a project in 2010. During this time we had a number of email and chat discussions. Going over them now I'm impressed by his friendship and generosity of knowledge. I know he was terribly busy but yet he always had time for me in 2010. After about emails where I ...

Learn what it takes to get common queries chain-able, and slimmer. This video goes over custom model managers and custom querysets so you can write better code, cleaner, code by harnessing the power of Django and OOP.Watch Now...

Website developers and administrators today tend to find themselves managing quite a few files, images and other media assets. Whether you upload content to your web application yourself, allow your users to upload files or have files imported from content partners, you'll need to handle the upload process, storage, and possibly thumbnail creation required to showcase your assets online. Many website developers consider moving their assets from hosted storage to cloud-based storage solutions. While somewhat costlier, these modern storage services offer nearly limitless scale and close to 100% uptime. To start using a cloud-based storage, you'll first need to migrate your existing images to the cloud. One way to go at it is to take a plunge, migrate all your existing images to the cloud and update your application to start uploading new images to cloud, going forward. You can use Cloudinary's upload APIs to simplify this process. Another option is to keep maintaining your images in your existing storage location(s), and use dynamic fetch URLs to let Cloudinary fetch these images on-demand, manipulate them on-the-fly and deliver these optimized to your visitors. Today, we wanted to introduce a new, powerful integration option - Cloudinary's new Automatic image uploading, which ...

I run a couple of sites that are based on Wordpress and my blog was one of them. There are several things that annoy me when it comes to Wordpress: too many plugins that you need for a good site updates, updates, updates (I merely spend my time in updating everything and keeping compatible) the Wordpress core code the themes HTML and structure that are PHP files it's PHP PHP-FPM consumes to much memory (if configured to serve a Wordpress site with good performance) So for my blog, which really is static but for the comments, I looked around what tools or frameworks are there to replace the mighty Wordpress with a static site. I wanted something simple, something pythonic. By reading the blogs of people who also had switched from Wordpress I found two tools: Hyde, a pythonic fork of Jekyll, and Pelican. The majority of people who switched chose Pelican, so I did, too. It has more forks on Github and also a repository of plugins. In fact both tools are not very different from each other. Pelican just felt better while using. The switch took me some days, I had a couple of problems to solve/things to ...

Today I've released on Github one of my applications - django-content-bbcode. The parser code is used on my sites and I've decided to refactor it (it's quite old), add some new features (like the tag loader) and release it to the public. There is also pypi package for it. In short django-content-bbcode allows you to replace BBCode alike tags in text (like in articles, news) with whatever you code in Python. I use it to highlight code snippets (with pygments), make nice links to articles by given slug (fetches title, description from database), insert image thumbnails (integrated with frontend image lightbox) and few more. Makes plain text quite dynamic. More detailed description is on Github.

Knowing when a person last logged in is great, except when it isn't. Sometimes you want to know when a user last actually used your app. Since you can stay continually logged in to Django sites we need an alternative way to know when a person was last on your site. If you are using class based views, and you should, then writing a mixin is a good way to go. LastAccessMixin from django.utils import timezone class LastAccessMixin(object): def dispatch(self, request, *args, **kwargs): if user.is_authenticated(): user.accessdata.last_access = timezone.now() user.accessdata.save(update_fields=['last_access']) return super(LastAccessMixin, self).dispatch(request, *args, **kwargs) What Does this Code Do? The first place class based views go is to the disatch method. This "dispatches" the request to the proper place. It determines what type of a request it is be it a GET, POST, HEAD etc. From there it goes to the appropriate method. def dispatch(self, request, *args, **kwargs): We are overriding the dispatch method because it is always called, and only once. We also want to use the dispatch method instead of say get because on some urls we might use a post method, then we wouldn't know the page was used. if user.is_authenticated(): user.accessdata.last_access = timezone.now() user.accessdata.save(update_fields=['last_access']) In the ...

I have a simple video website for my kids and each kid has a separate login. This is so they can each have their own videos, but also so that some videos can be private (ie. hidden from the outside world, or other logged in users). I don't need crazy security though--it wouldn't be the end of the world if somehow someone guessed the magic token and saw some private videos, which are basically just home videos uploaded to Youtube. Videos that I really wouldn't want the public to see don't get uploaded to Youtube in the first place. I couldn't find how to do this easily, although one person on stackoverflow suggested "logging in the user in the view by calling login". The tricky part was figuring out that I had to set the User object's backend to 'django.contrib.auth.backends.ModelBackend'. It's a bit of a hack, but it works, and it's simple. models.py: class MagicToken(models.Model): user = models.OneToOneField(User) magictoken = models.CharField(max_length=128, unique=True)   def __unicode__(self): return unicode(self.user) views.py: from django.http import HttpResponse, HttpResponseRedirect, Http404 import django.contrib.auth.login   class MagicTokenLogin(View): def get(self, request, token): try: magic_token_obj = MagicToken.objects.get(magictoken=token) except MagicToken.DoesNotExist: raise Http404   user = magic_token_obj.user user.backend = 'django.contrib.auth.backends.ModelBackend' django.contrib.auth.login(request, user) ...

Apple ships a patched version of OpenSSL with OS X. If no precautions are taken, their changes rob you of the power to choose your trusted CAs, and break the semantics of a callback that can be used for custom checks and verifications in client software. Abstract If OpenSSL’s certificate verification fails while connecting to a server, Apple’s code will intercept that error and attempt to verify the certificate chain itself with system trust settings from the keyring, potentially throwing away your verification results. Therefore: You can’t limit your trust to certain CAs using SSL_CTX_load_verify_locations. This apparently isn’t news but doesn’t appear to be widely known. Contrary to documentation, returning 0 from SSL_CTX_set_verify’s callback does not make the TLS handshake fail. That makes the callback unsuitable for extra verification purposes (such as hostname verification). MITRE has assigned CVE-2014-2234 for this issue. Apple was not interested in my bug report because they deprecated their OpenSSL years ago. Hence this summary together with work-arounds. The Verify Callback OpenSSL’s SSL_CTX_set_verify allows setting a callback function that is called for each certificate in the chain. It is invoked with the result of OpenSSL’s own verification of each certificate (1 for success, 0 for failure) ...

I'm maintaining my django-ckeditor fork known on PyPi as django-ckeditor-updated. It works with latest Django versions, uses Django file storage, has some new features and fixes. Recently few people including me got write access to the original repository - shaunsephton/django-ckeditor and my commits were merged (not that the PyPi package is still old). When/if the original package will get new and constant releases I'll close my fork, but until then django-ckeditor-update is alive. If you have any issues or pull requests made on the original django-ckeditor please check if they are still valid for current codebase.

he addition of this blog should help people learn more about Django, more often. For a while now there hs been set of things I have wanted to be on GoDjango, but didn't necesarily think they were enough for a full video, or too specific. Goals of the Blog The ultimate goal is to make GoDjango one of the top three places on the internet to come to in order to learn django. To accomplish that here are some of the goals I see for the blog. I hope to provide tutorials about django in a new way Provide more transparency about what is going on with the site instead of a one way stream of communication Provide another avenue of learning django so there are many more topics. About the Blog Eninge Itself This is a custom built blog engine I am creating for this site. However, I am creating it in an open way, but making it an installable app. I have named it dj-blog. The idea behind the installable app is to provide a basic blogging engine which is a bolt on, instead of something that almost takes over the entire code base. I plan to keep ...

The software used for this year's EuroPython conference website is actually a continuation of what was original developed by Markus Zapke-Gründemann and Stephan Jäkel for the very first PyConDE conference in Leipzig 2011. Over the years people joined/moved on but back then just as today the team has always been extremely small so we are always looking for people to help out. If you are in Berlin during the weekend of March 22 - March 23 or simply want to help with the project, there is a coding sprint for the software taking place in the offices of Veit Schiele Communications GmbH. Markus Holtermann will be there and I will join remotely from Graz (Austria) to answer all question you might have and or pair. In the next weeks until the sprint happens I will try to update the project's documentation (which is mostly still focused on the PyConDE-featureset) so that you will have a smoother start. For details please check out the page at meetup.com. If you want to take at the software first, you can find it on Github. "EuroPython Conference Software Sprint in Berlin" was written by Horst Gutmann and is licensed for reuse under Creative Commons ...

Using things like CoffeeScript, Stylus, Less, SASS/SCSS, etc... Is becoming a more and more core part of development, but the problem usually is compiling these assets for use on our site. With django-pipeline this process is now much easier in both development and production. Learn the few easy steps it takes to get started with it.Watch Now...

Das nächste Treffen der Django-UserGroup Hamburg findet am Mittwoch, den 12.03.2014 um 19:30 statt. Dieses Mal treffen wir uns wieder in den Räumen der intosite GmbH im Poßmoorweg 1 (3.OG) in 22301 Hamburg. Die Organisation der Django-UserGroup Hamburg findet ab jetzt über Meetup statt. Um automatisch über zukünftige Treffen informiert zu werden, werdet bitte Mitglied in unserer Meetup-Gruppe: http://www.meetup.com/django-hh Für dieses Treffen ist ein Vortrag über Anpassungen im Django Admin geplant. Es werden Anpassungen gezeigt und erklärt, die über die dokumentierten Optionen hinausgehen. Bei Interesse kann ich außerdem ein wenig über erste Erfahrungen mit der Django 1.7 Alpha-Version und Mozilla-Circus als Prozessmanager berichten. Eingeladen ist wie immer jeder der Interesse hat sich mit anderen Djangonauten auszutauschen. Eine Anmeldung ist nicht erforderlich, hilft aber bei der Planung. Weitere Informationen über die UserGroup gibt es auf unserer Webseite www.dughh.de.

I gave a quick lightning talk at this year’s (and first ever) Django Weekend in Cardiff about how to use django-configurations to improve your Django settings. I posted the slides on Slideshare. There is plenty of documentation about django-configurations so please don’t hesitate to go and read it now, but in case anyone is interested, I’d like to explain why I wrote it. Ever since I’ve used Django it bothered me that I had to use the module settings.py with a bunch of Python variables (with capitalized names no less) to glue together the code that my site is based on. I think it was designed like this to follow the Zen of Python (“Explicit is better than implicit”) but only had relatively small projects in mind. Given the reality of today’s Django ecosystem (~5000 apps on PyPI) it seems ridiculous that Django still encourages new users to accept such conventions as the best practice to structure Python projects. We should not only help them get started quickly but also to grow their project when the time comes. Django is just Python. And yet we’re limiting it to use programming patterns for its configuration that are hard to grow with ...

I work on a test automation framework at my day job. It's Django-powered, and there's a lot of neat stuff going on with it. I love building it! Anyway, yesterday during a meeting, I got an email from a co-worker who seemed to be in a bit of a panic. He wrote that he accidentally deleted the wrong thing, and, being Django on the backend, a nice cascading delete went with it (why he ignored the confirmation page is beyond me). He asked if we had any database backups that we could restore, also curious as to how long it would take. Well, lucky for him (and me!), I decided very early on while working on the project that I would implement a custom database driver that never actually deletes stuff (mostly for auditing purposes). Instead, it simply marks any record the user asks to delete as inactive, thus hiding it from the UI. Along with this, nightly database backups were put in place. I'll be quite honest--I had a moment of fear as I considered how long it had been since I really checked that either of these two things were still working as designed. I implemented the database ...

Django Debugging Bookmarklet Trick

By now Django Weekend 2014 has been over for more than a week ... but now I finally found the time to also write about it! For those who don't know, Django Weekend was a one-track conference that happened between 7th and 9th of February in Cardiff, Wales, UK. All that plus it was awesome! Personally, I'm a huge fan of one-track conferences. They keep everyone extemely focused and you don't "miss" anything. Usually this kind of conference also has a very strictly limited number of attendees which helps making the event feel like an extended family gathering (which is something I always feel when attending a Python conference for some reason). The conference took place at Cardiff University and the talks were presents in an auditorium of the Chemistry Department. Very classy! There were also quite a few students in attendance, for some it was even their very first Python event. Thanks to the location there was also no real problem with any kind of infrastructure (perhaps with the exception of the heating on the sprint day ;-)). In most public buildings that have to deal with tons of students on a day-to-day basis things like Wifi simply usually ...

Some may already know about this - on Kickstarter there is a fund raising for implementing improved PostgreSQL support in Django. Marc Tamlyn is in the lead and at this very moment there are 25 days to go and the project is already reaching extended goals. It looks like we will see another crowd-funding project successful, making Django better. First one - the Django migrations is on its way for a release with Django 1.7.