I am looking for a generic Tell a Friend application in django which will allow my website users to invite and tell about website features to one's mail or social networking friends by sending invitation email to join the website....
Any suggestion will help...
Thanks in advance...
This isn't Django, but you might consider a remotely-hosted application like ShareThis.
Otherwise, you could make use of this code, and add parameters (such as name and email address) into the URL where possible / necessary. In any case, I'm not aware of a Django-specific solution that integrates with the CMS out of the box - you might have to do it yourself, at least partly.
There's a reusable app at github called django-tellafriend.
Haven't used it myself. In essence, however, it shouldn't be too hard to roll your own app for this if you have special requirements. Basically you need a form and send out an email if it's valid. If you want to keep track of the you can store the information using a simple model.
Connecting to social networks might be a little trickier, but there are also a few django apps for this like django-facebook and django-social-auth.
Related
I need a modern looking forum solution that is self hosted (to go with a django project)
The only reasonable thing I can see using is discourse, but that gives me a problem... How can I take care of auth between the two? It will need to be slightly deeper than just auth because I will need a few User tables in my django site as well.
I have been reading about some SSO options, but I am unclear on how to approach the problem down the road. Here is the process that I have roughly in my head... Let me know if it sounds coherent...
Use Discourse auth (since it already has social auth and profiles and a lot of user tables).
Make some SSO hook for django so that it will accept the Discourse login
Upon account creation of the Discourse User, I will send (from the discourse instance) an API request that will create a user in my django instance with the proper user tables for my django site.
Does this sound like a good idea?
That sounds plausible. To make sure a user is logged in to both, you may put one of the auths in front of the other. For example, if discourse is in front of Django, you can use something like the builtin RemoteUserMiddleware.
In general, if they are going to be hosted on different domains, take a look at JWT. It has been gaining ground to marry different services and the only thing you need is to be able to decode the JWT token, which a lot of languages have nowadays in the form of libraries.
I want to make a django site which has no profile authentication or signing in. Anonymous users will be able to make a form that will be potentially open to anyone else on the site.
I'd like to do two things:
Somehow limit access to this form to certain people, without on site profiles. Maybe passwords/encryption keys distributed by email? Or secret one-time links using random URL's to make finding them/crawling them difficult, only accessible to those who know about them?
A way that the user who created the form can delete the form. Again, perhaps email a secret password upon creation to whoever created the form, which can let them delete the form?
Are there any Django plug-ins I should look into, or does anyone have tips about how I should go about this? I'm interested in the shareasecret site, and aspects of security in one time links without profile authentication, however, I'm not sure of best practices and ways to go about this sort of thing.
There is no best practice nor a plugin for this use case. It is a common-or-garden, simple use case which should not demand so much code and logic that you look for some plugin or best practice. Just draw the picture you imagine, sit and write your code. If you have any exact problems in your code, then ask a question.
Given the specific site you're trying to recreate has an API, it would appear that the details aren't matched against the user, but the post itself. So simply make a model that has the two things that it requires:
Query Params
SECRET_KEY: the unique key for this secret.
passphrase (if required): the passphrase is required only if the secret was created with one.
So either I'd suggest use the same method yourself, or just use their api.
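An added example (not from the original posts) of the secret-link and delete-password idea discussed in this question: one unguessable token goes in the share URL, a second one is sent only to the creator, and only digests are stored. The in-memory `FORMS` store and the `/f/<token>/` URL layout are assumptions standing in for a Django model and URL pattern.

```python
import hashlib
import hmac
import secrets

# In-memory stand-in for a model table (hypothetical). Rows are keyed by the
# SHA-256 of the access token, so a database leak does not reveal usable links.
FORMS = {}


def _digest(token: str) -> str:
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def create_form(title: str) -> dict:
    """Create a form and return the two secrets to e-mail to the creator."""
    access_token = secrets.token_urlsafe(32)  # 256 random bits for the share URL
    delete_token = secrets.token_urlsafe(32)  # separate secret, creator only
    FORMS[_digest(access_token)] = {
        "title": title,
        "delete_digest": _digest(delete_token),
    }
    return {
        "share_url": f"/f/{access_token}/",  # hypothetical URL layout
        "access_token": access_token,
        "delete_token": delete_token,
    }


def get_form(access_token: str):
    """Look up by digest; an unknown token returns None (answer with 404)."""
    return FORMS.get(_digest(access_token))


def delete_form(access_token: str, delete_token: str) -> bool:
    """Delete only when the creator's delete token matches the stored digest."""
    form = get_form(access_token)
    if form is None:
        return False
    # Constant-time comparison avoids leaking the digest through timing.
    if not hmac.compare_digest(form["delete_digest"], _digest(delete_token)):
        return False
    del FORMS[_digest(access_token)]
    return True
```

Knowing the share link is not enough to delete the form, because the delete token is a separate random value that is never derived from the access token.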
I'm creating a small SaaS app in Django. It gathers data from webservers from different organizations. Once in a while it automatically needs to send out notification mails to their customers (domain owners).
I would like to let our users (the webhosters) change the email templates to their liking/needs before sending them out. The email templates are plain Django templates, including a number of available variables. So, I created a model for the email templates, which can be edited by the users through a form. They have access to a limited number of template variables per email template.
Are there any security issues/risks that I need to be aware of? Or is this approach recommended?
My approach is currently aimed at server side rendering of the emails. I also checked out some solutions for client side rendering, like Dust.js, but I'm not yet convinced that it will help me.
I believe there are many answers on here already regarding this; but to summarize what I've found: It is "safe" to do so, but take care what variables/objects you expose to the user (i.e. include in the context of the template to be rendered).
render_to_string('template_name.txt', {'user': Users}) would be really bad :)
It all depends on the context in which the template will be evaluated, just make sure that no variable is passed that should be considered private.
Also, should a security bug be discovered in Django templating system, your web application would be at risk. You would have to validate the input, but you can't really do that, because the input does not have any particular structure.
So try and sandbox the process from the rest of the application, if you can. Or simply ask yourself if this feature is really necessary and if you can't just let the user specify what to include in the message by using a checklist or anything similar. At that point, validating the input becomes trivial and you don't have to expose the full template to the user.
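An added example (not from the original answers) of one way to enforce the "limited number of template variables per email template" before a user-edited template is stored: accept only `{{ name }}` placeholders from an allow-list, and substitute plain strings without handing objects to the template engine. The `ALLOWED` table and the `expiry_notice` template kind are constructed for illustration, and plain-text mail is assumed (no HTML escaping).

```python
import re

# The three token shapes of Django template syntax: tags, variables, comments.
TOKEN_RE = re.compile(r"(\{%.*?%\}|\{\{.*?\}\}|\{#.*?#\})", re.S)
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]*")

# Constructed allow-list: variables the webhoster may use per template kind.
ALLOWED = {"expiry_notice": {"customer_name", "domain", "expiry_date"}}


def validate_template(kind: str, source: str) -> list:
    """Return a list of problems; an empty list means the source is acceptable."""
    problems = []
    for token in TOKEN_RE.findall(source):
        if token.startswith("{%"):
            problems.append(f"tags are not allowed: {token}")
        elif token.startswith("{{"):
            expr = token[2:-2].strip()
            # Rejects dotted lookups (user.password), filters and arguments.
            if not NAME_RE.fullmatch(expr):
                problems.append(f"only plain variable names are allowed: {token}")
            elif expr not in ALLOWED[kind]:
                problems.append(f"unknown variable: {expr}")
    return problems


def render(kind: str, source: str, values: dict) -> str:
    """Substitute allow-listed values as text; no objects reach a template engine."""
    if validate_template(kind, source):
        raise ValueError("template failed validation")

    def substitute(match):
        token = match.group(0)
        if token.startswith("{#"):
            return ""  # comments render as nothing
        return str(values[token[2:-2].strip()])

    return TOKEN_RE.sub(substitute, source)
```

Running `validate_template` in the form's clean step gives the editor a precise error message, and a template that passes contains nothing that can traverse attributes of a context object.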
I'm in the process of building several Django based web applications for the same client. What I would like to do is set up an authentication server so that user credentials can be shared among django projects e.g. Jan Doe creates account for App-A and can use the same un and pw to log in to App-B.
Django packages is only somewhat helpful as I can't tell from the package descriptions if the package will help me do what I want to do or not.
I'm very inexperienced in this area so I don't even know if my questions are appropriate, but here goes:
Should I even be looking at django packages?
Would looking for a python based auth server be more appropriate?
Where should I start to solve this problem?
No, you don't need a separate package. Just use Django's built-in multi-database handling. Check out: https://docs.djangoproject.com/en/dev/topics/db/multi-db/.
Essentially, you designate one of your databases as the one that's going to store the user data and make sure that database is added to each of your other projects. Then set up a router that checks for app_label=='auth' and route to the "user" database for those instances. There's an example in the docs.
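An added example (not from the original answer) of the router described above, following the pattern in the Django multi-database documentation. The `users` alias, the `fake_model` helper and the settings path in the comment are assumptions; a router is a plain class, so it can be exercised without a configured project.

```python
from types import SimpleNamespace


class AuthRouter:
    """Send auth-related models to the shared "users" database alias."""

    # contenttypes travels with auth: Permission has a foreign key to ContentType.
    route_app_labels = {"auth", "contenttypes"}
    users_db = "users"  # assumed alias, defined in every project's DATABASES

    def db_for_read(self, model, **hints):
        if model._meta.app_label in self.route_app_labels:
            return self.users_db
        return None  # None lets the next router or "default" decide

    def db_for_write(self, model, **hints):
        return self.db_for_read(model, **hints)

    def allow_relation(self, obj1, obj2, **hints):
        labels = {obj1._meta.app_label, obj2._meta.app_label}
        if labels & self.route_app_labels:
            return True
        return None

    def allow_migrate(self, db, app_label, model_name=None, **hints):
        if app_label in self.route_app_labels:
            # auth tables are created in the shared database only
            return db == self.users_db
        if db == self.users_db:
            # keep each project's own tables out of the shared database
            return False
        return None


def fake_model(app_label):
    """Constructed stand-in exposing only _meta.app_label, as a model class does."""
    return SimpleNamespace(_meta=SimpleNamespace(app_label=app_label))


# In each project's settings (hypothetical module path):
# DATABASE_ROUTERS = ["myproject.routers.AuthRouter"]
```

Every project wired this way reads and writes the same password hashes, so the database account each project uses for the `users` alias is the access-control boundary for all of them.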
What are the pros and cons of using open id vs auth? Should I do both?
That depends whether you want to support Open ID. As to the reasons behind Open ID, in my view the most compelling one is that it avoids requiring your users to have an account just for your site, with all the hassle that involves (yet another username and password to remember).
If you decide you want to use Open ID, there's no need to choose between that and auth - use django-openid-auth, which adds Open ID support to the auth framework.
Definitely try and avoid using an Open ID implementation that doesn't plug into Django's auth framework - you'll lose a lot of the baked-in goodness of Django (model-level permissions etc).
OpenID and OAuth do different things. OpenID lets users log into your site. OAuth lets people give your site access to their data elsewhere. On the other side of the coin, OAuth gives you a secure way to let users access their data in your service from elsewhere.
If you implement OpenID, don't implement an OpenID producer. Everyone's already got an OpenID, whether they know it or not. Just consume openids from elsewhere. Migrating OpenIDs shouldn't be hard. Just make sure that a user account can connect via multiple OIDs, then they can add new ones as needed, and remove when they're done with them.
Edit: Just saw that you were talking about django auth, not oauth. Oops. The second paragraph still stands.