Consider a request coming from this url /messages/compose/(?P<recipients>[\+\.\w]+)/ where recipients is usernames separated by + sign. After success (message to recipients successfully sent) i am doing:
#success_url = 'message_send_success'
recipients = '+'.join([obj.username for obj in recipients]) #converting them back to original string
reverse(success_url, kwargs={'recipients': recipients})
This is the url to whom it match:
url(r'^/messages/success/(?P<recipients>[\+\.\w]+)$', 'site.views.message_send_success', name='message_send_success')
But it will show all recipients in the url, is there any away i can hide those recipients string to be displayed in url and can access it in request??
Maybe you want to use base64 library:
>>> base64.b64encode("what is that?")
'd2hhdCBpcyB0aGF0Pw=='
>>> base64.b64decode("d2hhdCBpcyB0aGF0Pw==")
'what is that?'
Note: if you want to have more safety urls, you should do some translations on that string (otherwise other user that know base (en)coding will easily decode your value.
Not if you're using a redirect. Django has a "shared-nothing" architecture, which means that between one request and the next no user state persists on the server. For this reason, Django can't (automatically) "remember" what your recipients were before the redirect, so it can access them in the next HTTP request.
What are your reasons for wanting to hide them? Is there sensitive information you can't send back to the client, or something like that? One option to avoid that is to simply repeat the information the client sent (i.e. the original recipients parameter) and have the success view redo the operations that compose did on them.
Related
Here is my example form: https://docs.google.com/forms/d/e/1FAIpQLSfVXZ1721ZRrHetp1qUak9T-o-MwKA9G3q01rLAFI2OJhZjUw/viewform
I want to send a response to it with python, but I don't know how to fill the "text box", so I can't even start it. Can you help me, please?
For submitting data to google form you first need to replace viewform to formResponse in your url.
You are going to POST submission to the form response URL.
You need to keep 2 things in mind.
Get the form response URL. It can be found by replacing your form ID into the following:
https://docs.google.com/forms/d/<form_id>/formResponse
Assemble the submission. This will be a dictionary reference with keys being the IDs of the form questions and the values being what you'd like to submit. To get the IDs, again go to your live form and inspect the html (Right Click -> Inspect Elements) components where you would typically input your information. You should discover a group of ss-structure passage objects with name attribute like:
name="entry.<id>"
A simple program to send response would be:
import requests
url ="https://docs.google.com/forms/d/e/1FAIpQLSfVXZ1721ZRrHetp1qUak9T-o-MwKA9G3q01rLAFI2OJhZjUw/formResponse"
data_to_send = 'DATA' # Assign Data to be sent
requests.post(url, {"entry.685250623":data_to_send}) # Found the entry Id viewing your form
Hope this answers your question!!!
So I've got a python application that is using requests.post to make a post request with json headers, body info, etc.
Problem is that in my dictionary that gets sent as headers, I have a variable that often contains character groups like %25"" or "%2F", etc. I've seen this cause problems before if sent in body data, but that can be fixed by sending the body data as a sting rather than a dictionary. Haven't figured out how to make this work with the headers though, as you can't simply delimit the parameters with an ampersand like in body data.
How do I make sure that my cookie value is not altered in the process of the post request?
For instance, headers :
Host : blahblah.com
Connection : Keep-Alive
Cookie : My sensitive string with special characters
etc.
Note : Nothing server-side can be changed. The python application is being used for hired pentesting services.
A common technique for sending data that becomes a mess when transmitted is to encode it, especially as base64
Sender:
import base64
...
encoded_data = "base64:{}".format(base64.b64encode(data))
Receiver:
import base64
...
if encoded_data.startswith("base64:"):
data = base64.b64decode(encoded_data.split(':')[1])
I am trying to test my update method on my viewset. The viewset is a modelviewset taken from drf. To update i would need to send a put request. As this is not always supported there are 2 ways to tell the server i am making a put request, the first which does not fit my needs is to use an additional field to form called _method and set it to put. As i need to post json data i need to use the second way, which uses the X-HTTP-Method-Override header.
To post my data in the testcase i use the following code:
header = {'X_HTTP_METHOD_OVERRIDE': 'PUT'}
response = client.post('/model/1/', content_type='application/json', data=post_data_clean, **header)
But unfortunately the result I get is {'detail':'Method POST not allowed.'}. I tested the behavior of the server using a addon (Postman) where i specified the X-HTTP-Method-Override header too. No exception is raised. I need to know now how to correctly pass the header to the django test client, otherwise testing will get really annoying over here.
You need to specify header as 'HTTP_X_HTTP_METHOD_OVERRIDE' instead of 'X_HTTP_METHOD_OVERRIDE' i.e. add HTTP_ at the beginning of the header.
header = {'HTTP_X_HTTP_METHOD_OVERRIDE': 'PUT'}
response = client.post('/model/1/', content_type='application/json', data=post_data_clean, **header)
From the Django documentation:
HTTP headers in the request are converted to META keys by converting
all characters to uppercase, replacing any hyphens with underscores
and adding an HTTP_ prefix to the name. So, for example, a header
called X-Bender would be mapped to the META key HTTP_X_BENDER.
Also, you can pass headers to the constructor of the Client:
from django.test import Client
client = Client(HTTP_USER_AGENT="Mozilla/5.0 ...", HTTP_X_USER_ID="982734")
This way every request will contain default headers.
PS: This approach is valid for DRF TestApiClient and ApiRequestFactory.
(1)I designed a API application. Some arguments in API expected it will receive Boolean datas.
Example:
def hello(request):
# request.POST.viewitems()
# {u'is_logined': u'False', u'user': u'hello'}
user_name = request.POST.get("user", "") # "hello"
is_logined = request.POST.get("is_logined", "") # "False"
This is my sending:
url = "http://127.0.0.1:8000/test"
aaa= {"user": "hello",
"is_logined": False}
res = requests.post(url, data=aaa)
I suppose I get the argument is a boolean data but it's Unicode format.
Anyone know why it is Unicode format.
(2)I have another question. If java program will access my API, I know boolean in java is false and true.
When my API receive the boolean data, is it still false and true of Unicode string?
When you use the POST method, in which the browser bundles up the form data, encodes it for transmission, sends it back to the server, and then receives its response.
I guess you use form to send data. The data type of sending provides Text and File formats. So, this is why you receive is Text. If you know a app it's name postman, you can try it.
Not an straightforward answer to you question, but this is one of the reasons why you should use forms to process posted data. Through forms api you will have the "right" python object type.
Other reasons are mainly security.
I have asked this question here about a Python command that fetches a URL of a web page and stores it in a variable. The first thing that I wanted to know then was whether or not the variable in this code contains the HTML code of a web-page:
from google.appengine.api import urlfetch
url = "http://www.google.com/"
result = urlfetch.fetch(url)
if result.status_code == 200:
doSomethingWithResult(result.content)
The answer that I received was "yes", i.e. the variable "result" in the code did contain the HTML code of a web page, and the programmer who was answering said that I needed to "check the Content-Type header and verify that it's either text/html or application/xhtml+xml". I've looked through several Python tutorials, but couldn't find anything about headers. So my question is where is this Content-Type header located and how can I check it? Could I send the content of that variable directly to my mailbox?
Here is where I got this code. It's on Google App Engines.
If you look at the Google App Engine documentation for the response object, the result of urlfetch.fetch() contains the member headers which contains the HTTP response headers, as a mapping of names to values. So, all you probably need to do is:
if result['Content-Type'] in ('text/html', 'application/xhtml+xml'):
# assuming you want to do something with the content
doSomethingWithXHTML(result.content)
else:
# use content for something else
doTheOtherThing(result.content)
As far as emailing the variable's contents, I suggest the Python email module.
for info on sending Content-Type header, see here: http://code.google.com/appengine/docs/python/urlfetch/overview.html#Request_Headers