I am curious about something I encountered when I was registering on the Wakari website. I entered my username which was something like abc.def.ghi and all other information and submitted the form (or at least tried to submit!). It threw up an error which said "username must be a valid python variable", so they were obviously doing something in their back-end with usernames as Python variables. Would anyone explain to me if this is some sort of design scheme that they are using wherein they store user information as Python variables or something like that? Again I apologize since this is not really a specific programming question but this is eating me up and I must know why that happened.
The following is the URL:
https://www.wakari.io/usermgmt/loginorregister
This is pure conjecture. One thing I could see Wakari doing is using the usernames as a module name for your code. That might be interesting. So storing user code as wakiri.<username>. Then the application might be doing an import wakiri.<username> with some interesting stuff in the __init__.py that runs whatever it finds.
Maybe that's it. Or maybe they are storing user code in files on disk. Maybe user code is written out to a file that contains lots of dictionaries that contain code and are named after the username?
Maybe they aren't even using it and just think it is cute to restrict people to valid Python variables.
I'm a Wakari developer, and we've only just caught this question. The short version is that you are pretty safe with a valid UNIX username, and the "error" text should say something using better "plain English" to this effect.
The reason we say the username needs to be a valid Python module name is that we're imagining a day when users could have something like ~/public_python as a place to put directly-shareable code, and then other users could access this via something like from wakari.users import steve. We'd leave it up to you to figure out if you trust user steve enough to import his code directly.
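A sketch of the kind of check that answer implies, added here as an example and not Wakari's actual code: a username that must work both after `import` and as a UNIX login. The length limit, the lowercase-only pattern and the function name `check_username` are assumptions.

```python
import keyword
import re

# Assumed policy (not Wakari's actual rule): lowercase ASCII, starting with a
# letter or underscore, at most 32 characters, as is typical for UNIX logins.
UNIX_NAME = re.compile(r"[a-z_][a-z0-9_]{0,31}")


def check_username(name):
    """Return the reasons a username is rejected; an empty list means OK."""
    problems = []
    if not name.isidentifier():
        # Dots, dashes, spaces and leading digits all fail here.
        problems.append("not a valid Python identifier")
    elif keyword.iskeyword(name):
        # 'from wakari.users import class' would be a syntax error.
        problems.append("Python keyword")
    elif name.startswith("__") and name.endswith("__"):
        # Names such as __init__ collide with package internals.
        problems.append("reserved dunder name")
    if not name.isascii():
        # isidentifier() accepts Unicode letters, which invite look-alike
        # names and are not portable as login names.
        problems.append("non-ASCII characters")
    if not UNIX_NAME.fullmatch(name):
        problems.append("not a conservative UNIX username")
    return problems


if __name__ == "__main__":
    # Constructed sample names, including the one from the question.
    for candidate in ["steve", "abc.def.ghi", "class", "st\u00e9ve", "__init__"]:
        print(candidate, "->", check_username(candidate) or "ok")
```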
I have a flask.ext.stormpath instance and I would like to fetch all users (filtered with created_at)
I have tried several things that are not working
flask.ext.stormpath.accounts
Sorry for the short question but for clarity, I think I need something like this
https://docs.stormpath.com/rest/product-guide/latest/reference.html#search-filter
Heyo,
When you use Flask-Stormpath, you can access the underlying Application object by saying:
stormpath_manager.application
This means you can do stuff like:
    for account in stormpath_manager.application.accounts:
        print('Email: {}'.format(account.email))
Any sort of Python SDK stuff will work here as expected =)
I am currently working on a text sharing website and I came across the following problem. Each post gets an ID and I would like to be able to easily access the post by giving the ID in the link as a parameter. But since you can simply enter the numbers manually, it is very insecure. My idea is to calculate a longer unique number from the ID. Of course, the number needs to be brought into its original state. The ideal would be a solution in Python. Thanks in advance!
Edit: Correct me if I am wrong but there is no way to reverse the uuid back to the original number?
First thing that needs to be said is that it's not insecure. Even if you calculate some longer number, there is still a chance to access it anyway. Imagine someone creating a generator script trying such numbers. Giving a post an ID and security shouldn't be mixed up together.
The best solution would be to add some kind of privileges system or password protection. You can of course use some hash functions for making the id longer if you insist. Not sure what exactly is the idea behind the website, you mean something like Pastebin? Simply add an option for the password protection as I suggested before. Some might use it, some don't.
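An added example, not code from either poster: a link token that keeps the numeric ID recoverable and appends a keyed hash (HMAC), which goes a step beyond the plain hash the answer mentions so that tokens for other IDs cannot be computed without the server's key. The token layout, the 64-bit tag length and the function names are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed demo key; a real deployment loads a long-lived secret from
# configuration so that old links keep working across restarts.
SECRET_KEY = secrets.token_bytes(32)
TAG_HEX_LEN = 16  # tag truncated to 64 bits, an assumed size for this demo


def _tag(post_id, key):
    mac = hmac.new(key, str(post_id).encode(), hashlib.sha256)
    return mac.hexdigest()[:TAG_HEX_LEN]


def encode_post_id(post_id, key=SECRET_KEY):
    """Turn 42 into '42-<tag>' for use as the link parameter."""
    return "{}-{}".format(post_id, _tag(post_id, key))


def decode_post_id(token, key=SECRET_KEY):
    """Return the integer ID, or None if the token is malformed or forged."""
    raw_id, sep, tag = token.partition("-")
    if not sep or not (raw_id.isascii() and raw_id.isdigit()):
        return None
    if str(int(raw_id)) != raw_id:
        return None  # reject leading zeros so each post has exactly one token
    expected = _tag(int(raw_id), key)
    # Constant-time comparison avoids leaking how much of a guess matched.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return int(raw_id)


if __name__ == "__main__":
    token = encode_post_id(42)
    print(token, "->", decode_post_id(token))
    # Editing the number while keeping the old tag is rejected.
    print("43-" + token.split("-")[1], "->", decode_post_id("43-" + token.split("-")[1]))
```

The token only stops enumeration of IDs; anyone who is given a link can still open it, so private posts still need the permission or password check the answer recommends.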
I just got started with Pyramid web development and want to use pyramid_simpleauth for my project. I'm not sure what canonical_id is in its User model.py.
It seems to be just a randomly generated string that gets used in its ACL somehow. Can someone shed some light on what this does and why it's needed?
Thank you.
The reason you want a canonical_id is so that you have something to refer the user by that is not their username or email address. Those two entities may change, whereas the canonical_id should never change.
I apologize if the question is a little vague but I'm trying to find the simplest way to do this.
I have a small group of people, for whom I have written a python script. Now this python script summarizes articles mined from a website (that are unique by an id number) when the user runs it with some parameters. Now each user might choose to "claim" one or more articles, which means that they will be working on it. Thus any future execution of the script should omit using a "claimed" article in its summary.
I need a way to have a globally accessible file, which my script accesses and checks its output against.
I also need to have a way for the user to add multiple id numbers to this global file.
I understand that a rudimentary database might be the best way to go, but is there a simpler way to read and edit files remotely over python? I can host this file on my personal webspace, but I'm not sure of what would be the simplest way to edit and read it since I'm relatively new to python.
The number of users is small and constant so it does not have to be very robust, just needs to work.
Language: Python
Thanks!
I am new to python and pyramid and I am trying to figure out a way to print out some object values that I am using in a view callable to get a better idea of how things are working. More specifically, I am wanting to see what is coming out of a sqlalchemy query.
DBSession.query(User).filter(User.name.like('%'+request.matchdict['search']+'%'))
I need to take that query and then look up what Office a user belongs to by the office_id attribute that is part of the User object. I was thinking of looping through the users that come up from that query and doing another query to look up the office information (in the offices table). I need to build a dictionary that includes some User information and some Office information then return it to the browser as json.
Is there a way that I can experiment with different attempts at this while viewing my output without having to rely on the browser? I am more of a front end developer so when I am writing JavaScript I just view my outputs using console.log(output).
console.log(output) is to JavaScript
as
????? is to Python (specifically pyramid view callable)
Hope the question is not dumb. Just trying to learn. Appreciate anyone's help.
This is a good reason to experiment with pshell, Pyramid's interactive python interpreter. From within pshell you can tinker with things on the command-line and see what they will do before adding them to your application.
http://docs.pylonsproject.org/projects/pyramid/en/1.4-branch/narr/commandline.html#the-interactive-shell
Of course, you can always use "print" and things will show up in the console. SQLAlchemy also has the sqlalchemy.echo ini option that you can turn on to see all queries. And finally, it sounds like you just need to do a join but maybe aren't familiar with how to write complex database queries, so I'd suggest you look into that before resorting to writing separate queries. Likely a single query can return you what you need.