Django community: Community blog posts RSS
This page, updated regularly, aggregates Community blog posts from the Django community.
-
Adding Social Authentication to Django
This tutorial details how to set up social auth with Django and Django Allauth. -
How to gather consensus before a big decision
The next time you have an important proposal to make, don’t wait until the big meeting to ask for support. Here’s how to gather feedback and build consensus beforehand, so you can make that big meeting into a non-event. -
How to implement Auto Expiring Token in Django Rest Framework
Describes how to implement custom token model and authentication backend in Django Rest Framework -
Django News - CSS, PostgreSQL, Django Security with CI/CD, and more htmx resources - Jan 15th 2021
News The State of CSS 2020: Trend Report CSS is rapidly changing with utility-first frameworks like Tailwind CSS gaining rapid prominence. This is a fun, interactive look at a recent survey on current and future CSS trends. stateofcss.com Articles Bringing Security along on the CI/CD journey From Jacob Kaplan-Moss, a detailed look at how to integrate security with modern CI/CD practices. jacobian.org Re-Introducing Hash Indexes in PostgreSQL by Haki Benita A very in-depth look at hash indexes within PostgreSQL and why they are more relevant than ever these days. hakibenita.com Detecting N+1 queries in Django with unit testing A clever way to unit test for N+1 queries in your code. valentinog.com Interview with Andrew Godwin about deployment — Django deployment From 2017 but still very relevant, an interview on Django deployments with Andrew Godwin. djangodeployment.com Django migrations without downtimes Originally from 2015 but updated a few times since then, this is a classic look at managing Django migrations on a large site without downtimes. github.io How to Override the gunicorn Server Header by Adam Johnson Adam Johnson shows how to override Gunicorn's header which, by default, reports the complete version of Gunicorn being used: a security no-no. adamj.eu Sponsored … -
Hangar's Dumb Security Questionnaire
Over on the Hangar tech blog, I’ve posted our Dumb Security Questionnaire (the questions we ask vendors to evaluate their security maturity). All DSQs are dumb, but I think ours is a little less dumb. If not, at least it’s short. -
Squashing Bugs - Building SaaS #87
In this episode, I fixed some critical issues that my customer discovered. My customer is putting the app through its real paces for a school year and since this is the first run, there were bound to be some bugs. We began with an explanation of the issues that my customer encountered. The problems related to scheduling. First, the daily page skipped a task and showed the task that was meant for two days in the future. -
Why I'm excited to get a COVID vaccine
I’m terrifically excited to get a COVID vaccine. Not just “willing”, but actually quite excited. mRNA vaccines are this generation’s moonshot – a huge leap forward in science. I’m terrifically excited to get to be part of it. -
How to accept Paypal payments on your Django application
If you are developing a Django application and you want to accept Paypal payments, you are in the right place! In this tutorial you’ll learn how to integrate Django and Paypal to accept payments in your Django web application. Paypal is a popular solution for online payments. Even if nowadays there are many valid alternatives, Paypal is still a big player in the market with a solid reputation and it’s trusted by millions of users. Here is a simple step-by-step guide on how to integrate the django-paypal third party app on your website.
1. Install the django-paypal app
    pip install django-paypal
2. Insert the app in your Django settings
    INSTALLED_APPS = (
        ...
        'paypal.standard.ipn',
    )
3. Insert a Paypal form on a view
Assuming you are using Django class-based views, you can use a FormView like this:
    from django.views.generic import FormView
    from django.urls import reverse
    from paypal.standard.forms import PayPalPaymentsForm

    class PaypalFormView(FormView):
        template_name = 'paypal_form.html'
        form_class = PayPalPaymentsForm

        def get_initial(self):
            # Initial values for the PayPal payment form
            return {
                "business": 'your-paypal-business-address@example.com',
                "amount": 20,
                "currency_code": "EUR",
                "item_name": 'Example item',
                "invoice": 1234,
                "notify_url": self.request.build_absolute_uri(reverse('paypal-ipn')),
                "return_url": self.request.build_absolute_uri(reverse('paypal-return')),
                "cancel_return": self.request.build_absolute_uri(reverse('paypal-cancel')),
                "lc": 'EN',
                "no_shipping": '1',
            }
This is a regular FormView and the template paypal_form.html is a standard Django template like this: … -
How to accept Paypal payments on your Django application
In this tutorial you’ll learn how to integrate Django and Paypal to accept payments in your Django web application. Paypal is a popular solution for online payments. Even if nowadays there are many valid alternatives, Paypal is still a big player in the market with a solid reputation and it’s trusted by millions of users. Here is a simple step-by-step guide on how to integrate the django-paypal third party app on your website.
Table of Contents
1. Install the django-paypal app
2. Insert the app in your Django settings
3. Insert a Paypal form on a view
4. Provide an URL for Paypal IPN
5. Create views for success and failure of Paypal checkout
6. Setup a listener to detect successful Paypal payments
1. Install the django-paypal app
    pip install django-paypal
2. Insert the app in your Django settings
    INSTALLED_APPS = (
        ...
        'paypal.standard.ipn',
    )
3. Insert a Paypal form on a view
Assuming you are using Django class-based views, you can use a FormView like this:
    from django.views.generic import FormView
    from django.urls import reverse
    from paypal.standard.forms import PayPalPaymentsForm

    class PaypalFormView(FormView):
        template_name = 'paypal_form.html'
        form_class = PayPalPaymentsForm

        def get_initial(self):
            return {
                "business": 'your-paypal-business-address@example.com',
                "amount": 20,
                "currency_code": "EUR",
                "item_name": 'Example item,
… -
Here, There, Middleware
Full show notes are available at https://www.mattlayman.com/django-riffs/11. -
Episode 11 - Here, There, Middleware
On this episode, we will investigate Django middleware and see where it goes in your project. In the process, you’ll see why middleware is useful and how you can work with it. Listen at djangoriffs.com. Last Episode On the last episode, we looked at working with users in a Django project. We saw Django’s tools for identifying users and checking what those users are permitted to do on your website. -
Bringing Security along on the CI/CD journey
Practical ways to bridge the gap between AppSec and Engineering. -
Using MinIO to upload to a local S3 bucket in Django
Hi everyone! Some weeks ago I was doing a demo to my teammates, and one of the things that was more surprising for them was that I was able to do S3 uploads locally using “MinIO”. Let me set the stage: Imagine you have a Django ImageField which uploads a picture to an AWS S3 bucket. How do you set up your local development environment without using a “development” AWS S3 Bucket? -
Using MinIO to upload to a local S3 bucket in Django
Hi everyone! Some weeks ago I was doing a demo to my teammates, and one of the things that was more surprising for them was that I was able to do S3 uploads locally using “MinIO”. Let me set the stage: Imagine you have a Django ImageField which uploads a picture to an AWS S3 bucket. How do you set up your local development environment without using a “development” AWS S3 Bucket? For that, we use MinIO.
What is MinIO?
According to their GitHub README:
> MinIO is a High Performance Object Storage released under Apache License v2.0. It is API compatible with Amazon S3 cloud storage service.
So MinIO is an object storage that uses the same API as S3, which means that we can use the same S3 compatible libraries in Python, like Boto3 and django-storages.
The setup
Here’s the docker-compose configuration for my django app:
    version: "3"
    services:
      app:
        build:
          context: .
        volumes:
          - ./app:/app
        ports:
          - 8000:8000
        depends_on:
          - minio
        command: >
          sh -c "python manage.py migrate &&
                 python manage.py runserver 0.0.0.0:8000"
      minio:
        image: minio/minio
        ports:
          - 9000:9000
        environment:
          - MINIO_ACCESS_KEY=access-key
          - MINIO_SECRET_KEY=secret-key
        command: server /export
      createbuckets:
        image: minio/mc
        depends_on:
          - minio
        entrypoint: >
          /bin/sh -c "
… -
About Print Versions of "A Wedge of Django"
Due to a never ending set of logistical issues for the print versions of our Django Crash Course, A Wedge of Django, we have decided to cancel our attempt to handle printing it ourselves. This will free us up in order to finish it, as well as other books. If you pre-ordered a print version of this book we have sent out emails asking if you want a refund or discount code for other purchases on this site, including the e-book version of Two Scoops of Django. If you have not received this email and pre-ordered the book, please contact us at hi @ feldroy.com. Finally, there is a significant possibility we will use Amazon's print-on-demand service to publish the book, in which case it will have to be purchased as an Amazon product. Sincerely, Daniel, Audrey, and Uma -
Django News - Django 3.1.5 release - Jan 8th 2021
News Django bugfix release: 3.1.5 A new bugfix release is out. As ever, staying on the latest version of Django is the #1 security step you can take on your projects. Here are the relevant docs for doing so. djangoproject.com htmx 1.1.0 Release htmx is a promising new library that adds support for AJAX, CSS Transitions, WebSockets, and Server Sent Events directly in HTML. htmx.org Events Python Web Conf 2021 CFP The CFP closes on January 29, 2021. papercall.io Articles My Python linting setup in 2020 :: sleepy yaks industries — Help teams delivering better products and applications Linting is an automated style guide for personal or team use. Here's one approach for 2020 and beyond. yaks.industries Better Exception Output in Django’s Test Runner With better-exceptions Adding the better-exceptions package to Django's test runner, which makes the standard assert statement much more usable. adamj.eu Designing Engineering Organizations From Jacob Kaplan-Moss, a look at how to structure larger engineering organizations. jacobian.org Using Django & AssemblyAI for More Accurate Twilio Call Transcriptions In this tutorial, we'll record an outbound Twilio call recording to AssemblyAI's API to get significantly more accurate speech-to-text output. fullstackpython.com Understand Django: Serving Static Files The 11th in … -
Testing Email Designs - Building SaaS #86
In this episode, I worked on the sign up confirmation email design. We customized the template and used MailHog to test the flow and see how the email appeared. After working on the email design, we switched to the landing page of the site to work on the pricing information. I started the stream by explaining that I’m working through some final tasks before launching the app more publicly. I covered why I am planning to send a sign up email and why I want to customize it. -
Telemedicine - Matt Layman
Matt’s personal site, Django Riffs Podcast, Doctor on Demand, Matt on YouTube, Matt on Twitch, Matt on Twitter, PyCon 2015: James Bennett on the Django ORM. Support the Show: This podcast is a labor of love and does not have any ads or sponsors. To support the show, consider purchasing or recommending a book from LearnDjango.com or signing up for the free weekly Django News newsletter. -
Serving Static Files
In the previous Understand Django article, I described how Django gives us tools to run code for any request using the middleware system. Our next focus will be on static files. Static files are vital to your application, but they have little to do with Python code. We’ll see what they are and what they do. Previous articles in the series: From Browser To Django; URLs Lead The Way; Views On Views; Templates For User Interfaces; User Interaction With Forms; Store Data With Models; Administer All The Things; Anatomy Of An Application; User Authentication; Middleware Do You Go? -
Our Top 20 Blogs in 2020
We’ve published summaries of our most popular blog posts before (see Top 19 of 2019 and Top 18 of 2018), but this time, we’re taking it a step further. We’re sharing the 20 most popular posts in 2020, regardless of the year the post was originally published. And some of these have been around a while! Based on total pageviews, here are the blogs that rose to the top of the popularity list, from most viewed to least viewed. Most Popular Blogs in 2020 1. Creating Dynamic Forms with Django: Published May 7, 2018 2. Here's a Production-Ready Dockerfile for Your Python/Django App: Published March 14, 2017 3. CSS Tip: Fixed Headers and Section Anchors: Published October 23, 2017 4. A Guide To Creating An API Endpoint With Django Rest Framework: Published February 1, 2019 5. How to Use Django Bulk Inserts for Greater Efficiency: Published January 9, 2019 6. Filtering and Pagination with Django: Published October 18, 2018 7. Using Amazon S3 to Store your Django Site's Static and Media Files: Published November 10, 2014 8. How to Import Multiple Excel Sheets in Pandas: Published August 13, 2019 9. Django vs WordPress: How to Decide?: Published August 14, 2018 … -
How to Set Up report-uri.com on Django
In recent years browsers have gained many powers to report back problems they encounter on your site, such as: Network Error Logging (NEL) can report bad HTTP statuses, expired TLS certificates, etc. Content Security Policy can report banned resources found on your site. Deprecation reports can tell you that you’re using web APIs that will soon be removed. Browsers send these reports to URIs listed in specific security headers, including the experimental Report-To header. These are really useful since they can uncover issues that would otherwise go unseen. A service for collecting, parsing, and making sense of these reports is report-uri.com. It’s run by Scott Helme, a security researcher who also made the useful free tool securityheaders.com. It makes a lot of sense to use a separate service for receiving browser reports, since if you have a problem on your own site, it’s likely you’d have problems collecting the reports too! Yesterday I set up report-uri.com on my new Django project db-buddy.com. Here’s how I did it. Note: I added the headers from within Django. This makes sense for me since I’m deploying on Heroku and serve all URLs from Django, including static assets via Whitenoise. If your site is … -
Designing Engineering Organizations
How should you structure a larger engineering organization, one with dozens (or hundreds) of engineers? There are many tradeoffs to consider, and no single right answer. But, there are some structures that work better than others. -
Better Exception Output in Django’s Test Runner With better-exceptions
Today I learned about the better-exceptions package. It makes exception output better, providing more context and colourization on the terminal. If you’re using Django’s test framework, you can install better-exceptions during your test runs. It makes the plain assert statement much more usable. Plain asserts are clearer to write and read than the various self.assert* functions, so a definite win for tests. pytest’s assert statement rewriting is similar to better-exceptions, and it’s definitely a “killer feature” for pytest users. Whilst I recommend pytest, it can be hard to port existing projects, so using better-exceptions is a nice compromise.
Adding better-exceptions To Django Test Runs
First, you’ll want a custom test runner class. If you don’t already have one, create one as below, in a file like example/test.py. Inside the test runner’s run_tests() method, you can use a monkey-patch to install better-exceptions into the unittest TestResult class, which is responsible for output of tests. There’s a snippet in the better-exceptions documentation, which I’ve made Python-3-only. Putting it all together:
    from unittest.result import TestResult

    import better_exceptions
    from django.test.runner import DiscoverRunner


    class ExampleTestRunner(DiscoverRunner):
        def run_tests(self, *args, **kwargs):
            # Enable better-exceptions for better display of exceptions
            # https://github.com/Qix-/better-exceptions#use-with-unittest
            def exc_info_to_string(self, err, test):
… -
How to Override the gunicorn Server Header
In all current releases of the popular WSGI server gunicorn, the Server header reports the complete version of gunicorn. I spotted this on my new project DB Buddy. For example, with httpie to check the response headers:
    $ http https://db-buddy.herokuapp.com -ph
    HTTP/1.1 200 OK
    ...
    Server: gunicorn/20.0.4
    ...
Reporting the version of server software is not recommended as it is a security risk. Fastly list Server and other vanity headers first in their article The headers we don’t want. In many setups, gunicorn’s Server header will be overwritten. For example if you’re using Nginx, it will replace Server with its own version (disable that with its server_tokens directive). But my app is running on Heroku which preserves the gunicorn Server header. Because of the security risk, there has been a long ongoing gunicorn issue to remove the version from the gunicorn header, leaving it as Server: gunicorn. The Pull Request to remove the version was merged nearly a year ago but is still pending release. Until then, we can use the workaround suggested in the original issue: monkey-patch the SERVER_SOFTWARE attribute that gunicorn uses to fill in the Server header. I’m configuring gunicorn with a submodule of my app’s package, …