Django community: RSS
This page, updated regularly, aggregates Community blog posts from the Django community.
-
Django: Log and block brute force attempts
Here is a very simple mechanism for wrapping a decorator around your views to protect them against brute force attempts. For instance, if you have a secret file download available only with the right secret (/view/id/secret-hash/), you expose your view to simple brute force attempts. Simply put, this decorator will log a 404 response object or Http404 exception, count pr. IP and return status=400 and send you an email whenever a new block is put into place. Model class IllegalLookup(LogModifications): """Log and block illegal lookups""" created = models.DateTimeField( verbose_name=_(u'created'), auto_now_add = True, ) modified = models.DateTimeField( verbose_name=_(u'created'), auto_now = True, ) ip_address = models.CharField( max_length=16, null=True, blank=True, verbose_name=_(u'IP address'), ) path = models.CharField( max_length=255, null=True, blank=True, verbose_name=_(u'path'), help_text=_(u'First attempted path is always logged'), ) count = models.PositiveIntegerField( default=1, ) @classmethod def log_lookup(cls, ip_address, path): try: now = timezone.now() expired = now - timedelta(minutes=settings.BLOCK_EXPIRY) lookup = cls.objects.get(ip_address=ip_address, modified__gte=expired) lookup.count += 1 lookup.save() except cls.DoesNotExist: # Delete old entries first cls.objects.filter(ip_address=ip_address).delete() lookup = cls.objects.create(ip_address=ip_address, path=path) lookup.save() @classmethod def is_blocked(cls, ip_address): try: now = timezone.now() expired = now - timedelta(minutes=settings.BLOCK_EXPIRY) lookup = cls.objects.get(ip_address=ip_address, modified__gte=expired) if lookup.count == settings.BLOCK_ATTEMPTS: mail_admins("IP blocked", "{0} is now blocked, IllegalLookup id: {1}".format(ip_address, lookup.id)) if lookup.count > … -
Using Django flatpages content in other (class-based) views
The flatpages application that ships with Django is both (intentionally) simple and useful. In previous projects I’ve found myself both extending the models (to add data like meta tags) and duplicating the whole application (when I wanted to add a whole bunch of extra details, multiple content sections, or a WYSIWYG editor). In a recent project I had the need to editable (by administrators) content in other views, and I turned to flatpages again for my solution. What I did was to create a class-based view mixin to find the flatpage for a given URL (defaulting to the one defined in request.path), and include the resulting object in the context (once the title and content had been marked safe of course): from django.contrib.flatpages.models import FlatPage class FlatPageMixin(object): """ Retrieves the FlatPage object for the specified url, and includes it in the context. If no url is specified, request.path is used. """ url = None def get_context_data(self, **kwargs): if not self.url: self.url = self.request.path context = super(FlatPageMixin, self).get_context_data(**kwargsG) try: flatpage = FlatPage.objects.get(url=self.url) flatpage.title = mark_safe(flatpage.title) flatpage.content = mark_safe(flatpage.content) context["flatpage"] = flatpage except FlatPage.DoesNotExist: context["flatpage"] = None return context Then you just need to ensure a flatpage exists for the expected (or … -
Better UI prototyping with a Django twist
As part of our new appreciation for start-up organizations and their love of Django, we thought we’d share how we approach the concept of rapid UI prototyping.Early stage start-up companies often need a proof of concept to help convey the vision of the new business model. Yes, there ... -
Team Django Update
Reflections on my Progess Team Django is progressing nicely so far. We have provided a variety of contributions to Django. If you proceed to our Contributions page on the team wiki can you view each contribution. So far the team has contributed 4 documentation changes, one bug report, and fixed a bug and provided a regression test for the fix. I feel the team is working well together, and I am content with our current progress. Not to say areas could not be improved, but that is the nature of all things. As we progress we are attempting to increase the difficulty in the scale of our contributions, so I am unsure if the current progress will be maintained. To ease the transition to tackling more difficult tickets, team members will need to have a better understanding of the Django codebase.Thus I am proposing we read through the code and focus on the unit tests. Yes, I did say focus on the unit tests. As one of the hosts pointed out in the 25th episode of Programming Throwdown, well written unit tests serve as great documentation of the program's code. So by reading through unit tests, developers new to the … -
Nice Django sprint in Utrecht
Last weekend I joined in the world wide Django sprint. Nice! I went to Utrecht (NL), which is just half an hour from my doorstep :-) We could use the offices of the Dutch game garden for free, for they want to support initiatives like a Django sprint. It was a nice place in a former bank office right in the center of Utrecht. On saturday some 50 people attended, on sunday 25 (both my estimate). Three core committers were there: Jannis Leidel, Aymeric Augustin and Florian Apolloner. That's really a tip when you're organizing a sprint: get one or more core committers on board for questions, tips and for the occasional nudge to accept pull requests. It just makes the whole process work much smoother. By design, Django's community process is pretty much centered on the double handful of active core committers (at least to my eyes; by comparison I'm used to 80 committers to the core Plone code). For me, getting to know a couple of people better (amongst them two core committers I hadn't met that way) was the highlight of the weekend. Github talks about "social coding": they really have a point. Don't underestimate the social … -
The restful Marketplace
While the Firefox Marketplace is being built, we are starting to make some fundamental changes in the way the Marketplace is constructed behind the scenes. In the beginning there was one big Django site that served all the requests back to the users. Over the course of the last few months that has changed to being a smaller number of services that provide APIs to each other. We’ve got separate services for payments (and this), statistics (and this) and a new front end client and plans for more. The main communication mechanism between them is going to be REST APIs. For REST APIs in Django we are currently using Tastypie, which does a pretty good job of doing a lot of things you’d need. There are a few frustrations with Tastypie and going forward I’m extremely tempted by Cornice, which we currently use for statistics. When you ask people about consuming REST APIs in Python, lots of people tell me “we just use requests“. Requests is a great library for making HTTP calls, but when you are developing against a REST API having all the overhead of coping with HTTP is a bit much. Coping with client errors versus HTTP … -
Django staticfiles documentation
At the Django sprint in Utrecht (NL), I'm working on the Django staticfiles documentation (see ticket 19582). To get my own thoughts sorted out, I'm trying to rewrite the existing HOWTO here in this blog entry :-) Very short, of course. Mostly to figure out a working structure. A funny thing happened when writing it: I learned new things. We're sprinting on the staticfiles docs with four people and each one sees different new things. I personally didn't know the {% static "app/logo.png" %} template tag existed to help you with custom backends. And I did take a look at those custom storage backends at the same time as I hadn't really looked at them before. Anyway, here's a short howto on Django's staticfiles: Managing static files (css, javascript, jpg) Your website will probably include images and css files. Django provides django.contrib.staticfiles to help you manage them. Note: the term static files differentiates them from the files that are uploaded to your site (though FileField, for instance). Those uploaded files are called media files. You'll see the difference in some of the settings. Using django.contrib.staticfiles By default, Django looks for static files in directories called static/ inside your apps and … -
Getting vagrant box networking working again after wifi change
I'm using vagrant for my osx python/django work. There's one big problem I had: networking would stop working when I switched between work and home. Probably because of a different wifi. Pretty irritating, as I'd have to do a full vagrant halt and vagrant up dance. In the end, the solution was pretty obvious and simple. I didn't think of it myself though :-) The solution was on stackoverflow. Inside the VM, execute: sudo /etc/init.d/networking restart Hurray! (I've of course added it as a shell script to my personal tool/scripts/whatever collection.) -
Another scoop of Django testing
Two scoops of Django is a good book, and I recommend it to anyone who's working with Django. So when I finally got around to using travis-ci I turned to the packaging and testing chapters, but couldn't find anything that would really help me. Travis is a continuous integration service and is free for open source projects. Travis itself is also open source, so you can run your own servers in-house if necessary. Why would you want to use it? It allows you to test your applications against different OS configurations, so you can make sure your code will work on other setups, and not only on your own developement box. Even if you already test on two or three different systems, Travis will probably be an improvement. Travis-ci supports many languages other than Python, a variety of databases and even xvfb for GUI tools, which is handy for in-browser testing. Self-contained tests I always thought a package should have self-contained tests, so that you can run them without adding the app to a local project. The book focuses on doing project-wide testing. I used to use an approach of including a minimal test project in the package's source tree … -
Another scoop of Django testing
Two scoops of Django is a good book, and I recommend it to anyone who's working with Django. So when I finally got around to using travis-ci I turned to the packaging and testing chapters, but couldn't find anything that would really help me. Travis is a continuous integration service and is free for open source projects. Travis itself is also open source, so you can run your own servers in-house if necessary. Why would you want to use it? It allows you to test your applications against different OS configurations, so you can make sure your code will work on other setups, and not only on your own developement box. Even if you already test on two or three different systems, Travis will probably be an improvement. Travis-ci supports many languages other than Python, a variety of databases and even xvfb for GUI tools, which is handy for in-browser testing. Self-contained tests I always thought a package should have self-contained tests, so that you can run them without adding the app to a local project. The book focuses on doing project-wide testing. I used to use an approach of including a minimal test project in the package's source tree … -
Android Fragments 101
_**Prerequisite**: You are already aware of the [basics of building a HelloWorld](http://developer.android.com/training/index.html) in Android and know [how to use the APIs provided in the support library](http://developer.android.com/training/basics/fragments/support-lib.html)._ _The code example is available on [github](http://github.com/iontech/Fragments_Example "Fragments Example")._ _____________________________________________________________ Ever wanted a code snippet from an Activity to be available to other activities? Perhaps a Button or a ListView, maybe a Layout or any View/ViewGroup for that matter? Fragments let us do just that. Necessity is the mother of invention. Before understanding what Fragments are and how they work, we must first realize their existence in the first place. The Problem ----------- Suppose we have an Android app with two Activities- [*FirstActivity*](https://github.com/iontech/Fragments_Example/blob/master/src/main/java/com/github/iontech/fragments_example/FirstActivity.java) and [*SecondActivity*](https://github.com/iontech/Fragments_Example/blob/master/src/main/java/com/github/iontech/fragments_example/SecondActivity.java). *FirstActivity* contains two Views, a `TextView` (*textView*) and a `Button` (*button1*); and *button1* has an `onClick()` callback that `Toast`'s a simple message "Button pressed". *SecondActivity* contains both the Views present in *FirstActivity* and a `Button` (*button2*). Now we want to utilize the two layout components(Views) of *FirstActivity* in *SecondActivity*, we can go about this with two approaches: 1. Copy and Paste the xml elements of the two Views. 2. Create a separate layout for common Views and reuse it using `` layout element. More about this [here](http://developer.android.com/training/improving-layouts/reusing-layouts.html). Electing the … -
Todo List App: Open Sourced
Announcement: We are open sourcing a few tools we developed recently. Here is the first one. *[Todo List Chrome App](https://github.com/agiliq/to-do-list-chrome-app)* This is a simple todo app - with the key feature that it is completely offline. ### Features 1. Create todo list 2. Create todo 3. Mark as done 4. Delete 5. Totally offline [Get the source](https://github.com/agiliq/to-do-list-chrome-app) or [install the app](https://chrome.google.com/webstore/detail/to-do-list/pmpdkgedikcgfpjbcafckjabeeialdel). -
Password Generator App: Open Sourced
Announcement: We are open sourcing a few tools we developed recently. Here is the second one. [Password Generator Chrome Extension](https://github.com/agiliq/forgot-me-password) [Install it from chrome webstore](https://chrome.google.com/webstore/detail/password-generator/nnjgaeekiplalipomfgacalgehhcckbp) Here are the docs ### Summary A completely client side password generator. ### What is it Its a chrome app to generate unique passwords for each site. Depending upon the domain and a master password a unique password is generated. It doesn't need any server and everything happens on the client side. ### Why? I want to use a unique password for each website. However, I don't want to use lastpass/1password as I find their interface confusing and overkill, and I don't want my password stored on remote servers. I use a simple passwording scheme. I have one master password. For each site, I append the first two letters of the domain to master password and use that as the site password. This is sub-optimal as its easy to understand this scheme, if say two of my passwords are leaked. I want to algorithmically generate the password on the client side, with a chrome app. ### How does it work? password_1 = SHA256(masterpassword+domain) password = take_first_8_letters(password_1) This will generate a per domain password with 8 … -
Tutorial: Building a Chrome app
This is a hands on tutorial about How to build chrome apps, with examples of two Chrome apps we published recently. Lets get started. Chrome apps are of two types: Extensions : They extend the functionality of Google chrome and the websites. They have little or no UI. Ex:Password Generator . Source code : Github Apps: These are separate apps and appear just like any other website. Ex: To Do List. Source Code : Github Depending on our requirement, we need to decide what kind of app we need to build. Extension: Password Generator Installation : Visit the link Password Generator using google-chrome browser and click 'Add To Chrome' button on the top-right corner. Then an extra icon will appear right to the address bar of the browser. If you cant see any icons, try clicking the 'down arrow' that is visible between the address bar and the settings icon. Or just drag and decrease the size of the address bar to see the icons. (see screenshot from the app). Click the icon and a small popup will be opened which is the required app ! What it does : It gets the domain of the currently opened webpage and … -
MoreApps - Android Library Project: Open Sourced
If you have a portfolio of apps, you probably want to cross promote them. We are open sourcing an Android Library Project to make this possible. [Get the code](https://github.com/agiliq/MoreApps). This provides an Activity which you can show with a Grid of your apps. How to use it ------------- Add this MoreAppsLibrary project(library) as a dependency in the Android Application project you are implementing. Add the following code in your `AndroidManifest.xml`: Perform an `Intent` to start the `MoreAppsActivity`; make sure to `putExtra("package", getPackageName());`, this ensures that if the your app is in the list of apps being showcased then your app won't be shown. Intent intent = new Intent(this, MoreAppsActivity.class); intent.putExtra("package", getPackageName()); startActivity(intent); You can refer the **sample** code for a live example. Where does the data come from ----------------------------- The data here is the list of *icons*, the *titles* and the *package names* of the apps. All we do is update the `query` field in `GetAppsDetails` class of the **GetAppsDetails** java app and run this app to get the *icons* and a string resource *xml* file. This xml file contains the titles and package names. *Note: The `query` string would be the same as what you enter in the search … -
Easy client side form validations for Django: Django Parsley
Parsleyjs is a JavaScript library to do client side data validations. It does this in a non-intrusive way via adding a data-* attributes to form fields. Check it out, it's really slick. Django forms do a great job of server side data validations. By integrating Parsley with Django form, you get good client side data validations as well. Get the app here. Some design considerations When I started writing this app I wanted to make it really easy to use. My first thought was to make this a filter or a template tag which would have allowed you to do: {{ form|parsleyfy }} However, I use Django-crispy-forms in all my projects. If parsley was a filter, it would have made piping to |crispy impossible as the render step would already have been completed. Hence parsleyfy is class decorator. Django-crispy-forms and family will play well with parsleyfy. Here is the readme. What is it? Parsleyjs is a JavaScript library to do client side data validations. It does this in a non-intrusive way via adding a data-* attributes to form fields. When you define a Django form, you get server side validations for free using the form field attributes. Django-parsley adds these … -
Introduction to Python Workshop on February 15th, 2013
We are conducting an **"Introduction to Python"** workshop at `our office`_ on **February 15th, 2013 (Friday)** between **5-8PM IST**. This workshop is geared towards those who are planning to learn python. Topics: * Language features * Variables * Built in data structures * Functions * Object Oriented Programming * Demo writing a simple program Prerequisites to attend this session: * A laptop with any linux flavour (OR) a laptop with Python installed in it. Register_ for the workshop by filling up the form. .. _`our office`: http://agiliq.com/contactus#map .. _Register: http://bit.ly/Yf0eiH -
Two Scoops of Django: Review
Two scoops of Django is the new book on Django best practices by Daniel Greenfeld and Audrey Roy. I just finished reading it and found it extremely useful. The book is a collection of tips, their justification and code organized in logical areas. I have been using Django since 2008, but I still found a few tips which were new to me and many which served as good reminder. At about 200 pages, its comprehensive but not overwhelming. If you are an advanced Djangonaut, you can read it in a weekend (And you probably are using all its recommendations anyway). If you are just getting started, putting all the tips to use will keep you busy for month. A random sampling of tips (The book has more than 50 of them.) Use pip, virtualenv and virtualenvwrapper Don't keep your virtualenv inside the project folder Apps should be small and do one thing well Use relative modules, prefer from .models import foo All settings file should be versioned - local_settings.py is an anti-pattern Every settings module should have a corresponding requirements.txt Don't hardcode your paths SingleTable model inheritance is good, multi table model inheritance is bad. Create custom managers, but don't … -
arango: ArangoDB Driver for Python (updated Feb 24, 2013)
Past year I've heard about new database - ArangoDB. I was not able to test it using my daily tools - there was no driver for Python. So, I've decided to create it. I've tried to create really good one - high code coverage, well documented and easy API initially was a must.Yesterday, I've released it - now available on PyPi and on github ToolchainHere is list of basic tools which I've used to create the drivernose - for executing tests, integration and unit. ArangoDB driver contain 103 testscoverage - to have clear metric how many code lines was covered by tests. Now it's 89%sphinx - to have good documentation it's a must. Also .. testcode:: and .. doctest :: directives is very useful to keep code examples usable. PerformanceInitially, I've used requests library as main HTTP transport tool. But at some point I've get a letter from ArangoDB team about python driver performance. Here is most important quote:The guys told me that PHP took 0,5 seconds, JS about a second and our Python script 5 seconds I've start digging and found that requests is slow. Fast tests shows that urllib2 2x faster than requests, and pycurl 3x faster. Here is performance tests … -
Workaround for PostgreSQL SQL_ASCII template encoding
On some Linux distribution installs there may be a problem with SQL_ASCII encoding set on postgres templates (I found it on the daily ISO Raring Ringtail install). When trying to create postgis template with UTF-8 encoding it will fail with an error: createdb: database creation failed: ERROR: new encoding (UTF8) is incompatible with the encoding of the template database (SQL_ASCII) In Django documentation there is a link to one of workarounds - recreating the whole cluster, which results in dropping all databases. There is however an less aggressive fix for this problem - drop template1 and recreate it from template0 using UTF-8 encoding and dropping template_postgis if it exists with the wrong encoding. When template1 is recreated the "create_template_postgis*.sh" script can be used. To drop and create "template1" use the tutorial at journal.tianhao.info. If "template_postgis" exists drop it basing on the step 1 and 2 from the tutorial. After that you can create the postgis template with the Django bash script file (or manually using for example archlinux tutorial). -
New plugins to the Kate, utils to: Python, JavaScript, Django and XML
The project plugin in kate.git master now has four new more plugins, with many features in each one: Python (autocomplete, smart snippets, parse checker, pep8 checker and pyflakes checker), Javascript (autocompletes, jquery snippet, pretty JSON, and jslint checker), Django (smart snippets and utils to Django template) and XML (pretty xml). There are also many generic functions and generic classes in these that will be useful to the new plugins developers. I began to develop these plugins in 2009, this was my first version :-). I wanted to set a shortcut to a snippet, as it was not possible (now it is posible) I started to develop these plugins to Kate. In November 2011, I created a repository on github to develop new features and share them. I have to thank Alejandro Blanco, Jeroen van Veen, Javier Romero, Martin Borho, Justin Chudgar and Yaco Sistemas for helping me in this project. In October 2012 Christoph Cullmann (Kate maintainer) sent me an e-mail, in which he asked me if I was interested to contribute with KDE project. I answered: “Of course!”…. finally I have a little time, and I have been able to integrate these plugins in the kate.git Features to Python … -
Functions in Python presentation
Here is my presentation part of the in company Python course. Functions in python from Ilian Iliev The last slide – “Problem to solve” is something like a simple homework. Sample solutions will be uploaded later this week. -
Values instance has no attribute 'default_reference_context'
I was just editing some reStructuredText content for my website when Django threw a strange error at me. Values instance has no attribute 'default_reference_context' What was really bizarre is that exactly the same rst content could be published as HTML just fine in a test script: from docutils.core import publish_parts rst = 'real content here' print publish_parts(rst, writer_name='html')['html_body'] I couldn't find anything relevant anywhere on the internet either. After some trial and error I managed to find the source of the problem: `hyperlink <http://example.com>` Did you spot the error? The trailing underscore is missing, a valid link would look like: `hyperlink <http://example.com>`_ I still have no idea why the same code would raise an exception inside Django but work stand-alone (but of course generate unwanted markup). Anyway, problem solved for me. Updates: other sources for the error `foo` Renders as <cite> outside of Django. Solved The problem has existed for five years in Django core, see #6681. A simple solution is to disable the admindocs app. Yes, the app messes with the docutils settings project-wide. -
Values instance has no attribute 'default_reference_context'
I was just editing some reStructuredText content for my website when Django threw a strange error at me. Values instance has no attribute 'default_reference_context' What was really bizarre is that exactly the same rst content could be published as HTML just fine in a test script: from docutils.core import publish_parts rst = 'real content here' print publish_parts(rst, writer_name='html')['html_body'] I couldn't find anything relevant anywhere on the internet either. After some trial and error I managed to find the source of the problem: `hyperlink <http://example.com>` Did you spot the error? The trailing underscore is missing, a valid link would look like: `hyperlink <http://example.com>`_ I still have no idea why the same code would raise an exception inside Django but work stand-alone (but of course generate unwanted markup). Anyway, problem solved for me. Updates: other sources for the error `foo` Renders as <cite> outside of Django. Solved The problem has existed for five years in Django core, see #6681. A simple solution is to disable the admindocs app. Yes, the app messes with the docutils settings project-wide. -
Migrating to Heroku
To cut some personal costs and simply because I was interested in it, I recently moved this blog to Heroku, the popular cloud hosting platform. Since 2011 Heroku officially supports Python deployments. Running on a single dyno it is even for free. Following the official guide to deploy a Django application, the transition from my VPS to Heroku was pretty straight-forward and easy. Additionally Heroku enforces good practices, like using virtualenv, and supports more and more popular technologies, like the Python WSGI server Gunicorn. Following a short general guide of what had to be done from my side to do the transition: Create a fixture file from your database via the dumpdata command. Since I didn't want to add any billing information to Heroku yet, I had to rewrite everything related to sending emails from my web server, to save the incoming contact request in the database instead. That was pretty much just the creation of a new model and a one-liner to save it to the DB instead of sending an email, Already using virtualenv, the rest was simply adding or changing requirements. In addition of removing the MySQL bindings for python I added the following libaries: dj-database-url==0.2.1 django-heroku-memcacheify==0.4 …
