I'm using django-mailbox in my app.
It works but it syncs mail by "python manage.py getmail" in shell.
Now my goal is to refresh new incoming mail by html template.
Is there any such way?
TY
You can run management commands from your code
Pls see https://docs.djangoproject.com/en/2.2/ref/django-admin/#running-management-commands-from-your-code
so basically
from django.core import management
management.call_command('getmail')
If you add create a custom view and call
management.call_command('getmail')
You should have your desired behavior
Related
What file can be uploaded on a webapp built on django framework if it's allowing unrestricted file upload? When I uploaded a shell.py it simply rendered as text in the browser but html and javascript are executing fine.
if you can execute that file when django render, maybe you can try first a os.system("whoami") and then you can change that for a cmd and pass commands calling that file on your browser/burp/curl. if accept any file, it's really easy
In Python CGI, when I call name = os.popen('whoami').read(), the name will return as Apache. How can I get the original login name that was login to this machine? For example, in terminal windows, when I run whoami, the login name return as "operator". In Apache server, is there a way to get the login name as "operator"?
Thanks!
Tom Wang
Python CGI script gets executed when APACHE gets a request. APACHE redirects the request to python. Since, user 'APACHE' would be running this script, you get that as the id. You can only get the id as operator if user 'operator' is running the script. Users connect to your script using a web browser which is intercepted by APACHE. There is no way to determine which user is making the request from web browser as they never login to the machine where APACHE is running. You can get their IP/port using the requests library
I am new to Python.
I need to register in Whatsapp.
I found a library Yowsup.
But I can't understand how to use it.
I am creating a service in Django and python and I need to write a function for registration, how to do it?
Like:
def Register():
I have found an example in Yowsup, but it is for console, how to use it in web service ?
You can refer to this site. https://pypi.python.org/pypi/pywhatsapp/
Simple wrapper around yowsup to send a message or mediafile with whatsapp
Example usage
You can register a whatsapp client with the yowsup-cli
```python
`from whatsapp import Client
phone_to = '31641371199'
client = Client(login='3161516888', password='secretpasswordbase64')
client.send_message(phone_to, 'Hello Lola')
client.send_media(phone_to, path='/Users/tax/Desktop/logo.jpg')
```
# Installation
```
$ pip install pywhatsapp
```
I'm having some trouble understanding and implementing the Google Directory API's users watch function and push notification system (https://developers.google.com/admin-sdk/reports/v1/guides/push#creating-notification-channels) in my Python GAE app. What I'm trying to achieve is that any user (admin) who uses my app would be able to watch user changes within his own domain.
I've verified the domain I want to use for notifications and implemented the watch request as follows:
directoryauthdecorator = OAuth2Decorator(
approval_prompt='force',
client_id='my_client_id',
client_secret='my_client_secret',
callback_path='/oauth2callback',
scope=['https://www.googleapis.com/auth/admin.directory.user'])
class PushNotifications(webapp.RequestHandler):
#directoryauthdecorator.oauth_required
def get(self):
auth_http = directoryauthdecorator.http()
service = build("admin", "directory_v1", http=auth_http)
uu_id=str(uuid.uuid4())
param={}
param['customer']='my_customer'
param['event']='add'
param['body']={'type':'web_hook','id':uu_id,'address':'https://my-domain.com/pushNotifications'}
watchUsers = service.users().watch(**param).execute()
application = webapp.WSGIApplication(
[
('/pushNotifications',PushNotifications),
(directoryauthdecorator.callback_path, directoryauthdecorator.callback_handler())],
debug=True)
Now, the receiving part is what I don't understand. When I add a user on my domain and check the app's request logs I see some activity, but there's no usable data. How should I approach this part?
Any help would be appreciated. Thanks.
The problem
It seems like there's been some confusion in implementing the handler. Your handler actually sets up the notifications channel by sending a POST request to the Reports API endpoint. As the docs say:
To set up a notification channel for messages about changes to a particular resource, send a POST request to the watch method for the resource.
source
You should only need to send this request one time to set up the channel, and the "address" parameter should be the URL on your app that will receive the notifications.
Also, it's not clear what is happening with the following code:
param={}
param['customer']='my_customer'
param['event']='add'
Are you just breaking the code in order to post it here? Or is it actually written that way in the file? You should actually preserve, as much as possible, the code that your app is running so that we can reason about it.
The solution
It seems from the docs you linked - in the "Receiving Notifications" section, that you should have code inside the "address" specified to receive notifications that will inspect the POST request body and headers on the notification push request, and then do something with that data (like store it in BigQuery or send an email to the admin, etc.)
Managed to figure it out. In the App Engine logs I noticed that each time I make a change, which is being 'watched', on my domain I get a POST request from Google's API, but with a 302 code. I discovered that this was due to the fact I had login: required configured in my app.yaml for the script, which was handling the requests and the POST request was being redirected to the login page, instead of the processing script.
I am trying to obtain a token from Azure AD from Python client application. I want users to seamlessly authenticate with just a username and password (client_id / secret will be embedded in the app). I registered my app and given it all permissions and hit the "grant permissions" button in the new portal according to this post:
The user or administrator has not consented to use the application - Send an interactive authorization request for this user and resource
I am sending an http post to:
https://login.microsoftonline.com/{tenant_id}/oauth2/token
with the following data:
headers = {
"Content-Type": "application/x-www-form-urlencoded"
}
body = "resource={0}&grant_type=password&username={1}&password={2}&client_id={3}&client_secret={4}&scope=openid".format(app_id_uri,user,password,client_id,client_secret)
I cannot seem to get past this error no matter what I try:
b'{"error":"invalid_grant","error_description":"AADSTS65001: The user or administrator has not consented to use the application with ID \'078c1175-e384-4ac7-9116-efbebda7ccc2\'. Send an interactive authorization request for this user and resource.
Again, my goal:
User enters user / pass and nothing else. App sends user / pass / client_id / client_secret, obtains token.
According to your comment:
The message I'm receiving says to do an interactive request but that is exactly what I'm trying to avoid because this is a python app with no web browser and I'm trying to avoid complexity.
I think you want to build a daemon app or an app only application integrating with Azure AD. You can refer to https://graph.microsoft.io/en-us/docs/authorization/app_only for the general introduction.
Furthermore, you can leverage the ADAL for Python to implement this functionality with a ease. Also, you can refer to client_credentials_sample.py for a quick start.
You should try logging in as an admin to be able to give consent to use the application on your tenant at all.