Re: scripted login to django

[Robin Becker]

On 23/02/2011 11:51, Mike Ramirez wrote:
...



Have your tried urllib2.Request[1] to POST your login data, how a browser
would do it?



yes
...

eventually I got this to work with 1.2.5 (and the tutorial site); the main 
problems were that hitting admin to get the csrfmiddlewaretoken pops up a login 
page which posts back to /admin/ (not /admin/login/); also it seems we need to 
add in the extra hidden variable this_is_the_login_form to make things work better.



import urllib2, urllib, cookielib

site='http://127.0.0.1:8000'
cj = cookielib.CookieJar()

# build opener with HTTPCookieProcessor
o = urllib2.build_opener( urllib2.HTTPCookieProcessor(cj))
urllib2.install_opener( o )


print 1, 30*'='
for cookie in cj:
print cookie.domain, cookie.path, cookie.name, cookie.value
# perform login with params
f = o.open( site + '/admin/')
data = f.read()
f.close()
print 1,30*'!'
print data
D={ 'username': 'myuser', 'password': 'mypassword', 'this_is_the_login_form': 
'1'}
tl = [l for l in data.split('\n') if 'csrfmiddlewaretoken' in l]
if not tl:
raise ValueError('no csrf token found')
tl = tl[0].split('value=')
tl = tl[1].split(' ')[0].strip('"\'')
D['csrfmiddlewaretoken'] = tl
p = urllib.urlencode(D)

print 2, 30*'='
for cookie in cj:
print cookie.domain, cookie.path, cookie.name, cookie.value

f = o.open( site + '/admin/',p)
data = f.read()
f.close()
print 2,30*'!'
print data

# second request should automatically pass back any
# cookies received during login... thanks to the HTTPCookieProcessor
print 3, 30*'='
for cookie in cj:
print cookie.domain, cookie.path, cookie.name, cookie.value

f = o.open( site+'/admin/')
data = f.read()
f.close()
print 3,30*'!'
print data




--
Robin Becker

--
You received this message because you are subscribed to the Google Groups "Django 
users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

scripted login to django

[Robin Becker]

I want to automate a remote django view which requires a login with a python 
script, but I am having difficulty in deciding how to make django accept the 
various cookies. Is there example code somewhere which shows how this should be 
done?


I've tried various cookie jar based approaches, but they don't seem to work. The 
test client works through the server code rather than through the web.

--
Robin Becker

--
You received this message because you are subscribed to the Google Groups "Django 
users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

weird template escaping

[Robin Becker]

Hi, I have a custom Form that's attempting to expand the following

field.label=u'Elegant, sophisticated, discover Egypt\u2019s local customs'

in a template. The template code looks like


  {{ field.label }}

using some special debugging tricks I can determine that, immediately prior to 
the expansion, the field.label value is still in unicode and has the right value.


However, when the expansion takes place I see the following in the output html



Elegant, sophisticated, discover Egyptâ€s local customs
  

so it looks as though something is being silly and doing the following

1) translate to utf8 ie 'Elegant, sophisticated, discover Egypt\xe2\x80\x99s 
local customs'


2) escaping \x99 as  (trademark char is  == )

where should I start looking to locate the problem?
--
Robin Becker

--
You received this message because you are subscribed to the Google Groups "Django 
users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

apache authentication with django+flip+fastcgi

[Robin Becker]

We currently have django(using flup) running as a fastcgi  external server (via 
a socket) and would like to use django to control access to static apache files 
(to avoid duplicate logins etc etc); I see that fastcgi can do Authentication 
(in the http sense) and access checking. Is there a way to get django to 
control 
static access in this manner.

I know that I can start up a secondary version of my project and use it as a 
standalone fastcgi script to do what I need, but that requires me to control 
two 
  servers when changes are made and seems a bit clunky.
-- 
Robin Becker

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

field media api

[Robin Becker]

I'm having some troubles working out how to control the order in which 
javascript resources are rendered.


If I have two fields A & B which have dynamic media properties is there a way 
to 
inspect the combined media prior to rendering.

I seem to be getting both lists of js files without any attempt at sorting so I 
end up with some files included twice etc etc.

Is there a way to hook the final rendering?
-- 
Robin Becker

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Re: multiple projects shared database

[Robin Becker]

derek wrote:
> 
>>> On the other hand, if the two websites are entirely independent, putting
>>> them into a single database is simply poor design. It's trivial to
>>> create a separate database and why not use the tools that are available
>>> instead of adding extra complexity?!
>> I think the idea is to allow common authorisation between the two sites.
> 
> I am a complete newbie here, so pardon me chipping in, but... would it
> not be possible to do authorisation in one database and then have the
> groups-specific databases being separate?
> 
> Derek
..
I don't think django allows multiple databases except via table name hacks and 
similar.
-- 
Robin Becker

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Re: multiple projects shared database

[Robin Becker]

Malcolm Tredinnick wrote:
> On Wed, 2009-08-05 at 17:59 +0100, Robin Becker wrote:
>> My boss wants to have two different django controlled websites with a common 
>> database. Is there a way to do this?
>>
>> We are already running multiple websites into a single django project and 
>> because they have a disambiguating term in the urls eg each url has 
>> /lang/brand/path we can map the URLs pretty well.
>>
>> With the multiple django projects & 1 database I am worried there are some 
>> hidden problems waiting to come out and play.
> 
> The only potential problem is the content types. There are entries in
> the content types table for each model and it needs to contain
> information about all the models. So be careful when you're running
> syncdb.

I have already been bitten by the content types thing. I'm not sure I 
understand 
exactly what is using django_content_type, but one of our developers started 
using ContentType as part of an intermodel link structure and although it 
worked 
it is fragile since the content type ids are not guaranteed to be the same 
everywhere.

> 
> What you're trying to do here is not dissimilar to just using different
> settings files for the same database, as in this tip:
> http://www.pointy-stick.com/blog/2009/03/26/django-tip-controlling-admin-or-other-access/
> 
> On the other hand, if the two websites are entirely independent, putting
> them into a single database is simply poor design. It's trivial to
> create a separate database and why not use the tools that are available
> instead of adding extra complexity?!

I think the idea is to allow common authorisation between the two sites.
...
-- 
Robin Becker

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

multiple projects shared database

[Robin Becker]

My boss wants to have two different django controlled websites with a common 
database. Is there a way to do this?

We are already running multiple websites into a single django project and 
because they have a disambiguating term in the urls eg each url has 
/lang/brand/path we can map the URLs pretty well.

With the multiple django projects & 1 database I am worried there are some 
hidden problems waiting to come out and play.
-- 
Robin Becker

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

re-usable applications

[Robin Becker]

We're trying to write some re-usable apps, but face some problems when it comes 
to configuring various bits of the application to run together.

First off it seems reasonable to allow apps to locate their resources using 
settings.py. However, in one instance we're not able to do this.

Specifically when widgets are created the Media subclass doesn't allow for any 
kind of initialization of the included javascript.  So my colleague then has to 
force the app to load resources from a fixed location say /media/myapp/.

In other places we're able to configure the javascript using a script tag eg

var myapp_url_prefix='/notmedia/myapp';

Would it not be a good idea to allow widgets to enter things other than js and 
css in the head section. If 'script' were allowed as an attribute then widgets 
could also be configured relatively simply. There are also other bits of 
configuration which widgets could request eg onload/onunload etc etc.

For most apps there's no real problem in having a fixed resource location, but 
I 
can see cases when proper configuration is desirable.
-- 
Robin Becker

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

clear a newforms error indicator

[Robin Becker]

We have some legacy code that wants to display a partially filled form. One of 
the fields is required to be non-empty (it's a captcha) so when re-issuing the 
form partially filled I've been doing this

class EmailForm(forms.Form):
  .
   vericode = forms.CharField(max_length=5, required=True, label='CODE')


  ...

nparams= params.copy()
nparams['vericode'] = ''
ef = EmailFormPangea(nparams)


but I find then that the vericode field is marked as in error when I come to 
render.

To fix this I tried

ef = EmailFormPangea(nparams)
ef.full_clean()
del ef._errors['vericode']

but this looks fairly clunky. Is there a better way to clear errors or to 
indicate that something is not in error during rendering, but should be 
considered erroneous on submission?
-- 
Robin Becker

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Re: fastCGI: always one server per site ?

[Robin Becker]

Valts Mazurs wrote:
...
> 
> Any reason you went for processes rather than thread ?
> 
> Robust, stable, no issues with GIL.
> 
..
We run flup+apache+django with many hosts and only had problems when trying to 
run threaded. We are running different virtual machines into the same socket ie 
only one server.

As for the long running process problem the solution seems to be

1) fork an external process that runs the long running part

2) in the parent return a view that queries the long running part (obviously 
you 
need to keep track of the PID etc etc). We have used javascript timeouts to 
call 
back to the server every few seconds.

3) when the long running part finishes any views that are polling the job see 
some kind of end marker and then stop polling.

There are obvious dangers here.

First off you don't want to be rerunning the jobs that are already running so 
some kind of queue might be useful.

Secondly you really ought to kill running jobs for which no query has been 
received recently.

Finally you ought to limit the resources consumed by the background jobs to 
keep 
the server response time reasonably fast.
-- 
Robin Becker

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

enforcing uniqueness

[Robin Becker]

My boss, created a model that represents an override to parts of other model 
instances; the business logic demands that the model instances should be 
uniquely defined by two attributes a and b

ie

o1.a==o2.a and o1.b==o2.b <==> o1 is o2.

I know that we can implement validation rules in the admin to ensure that this 
is so, but he prefers to merge an existing instance into the new version at 
save 
time and also delete the existing one. Is that in fact possible with django's 
orm?

I'm thinking of code somewhat like this

def save(self):
   P=list(Over.objects.exclude(id=self.id).
filter(a=self.a,b=self.b).order_by('id'))
   if P:
  for p in P:
 self.merge(p)
 p.delete()
   super(Over, self).save()

would this work?
-- 
Robin Becker

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Re: partially edit an object

[Robin Becker]

koenb wrote:
sted a snippet on
> djangosnippets with my DisplayModelForm [1].
> Basically, it allows you to reuse your form definitions, but turn them
> into a "display_only" mode. You can do all fields or just a few.
> ..
I've passed this to my colleague who will no doubt digest in due time; thanks.
-- 
Robin Becker

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

partially edit an object

[Robin Becker]

I have a colleague who wishes to restrict the editability of fields 
dynamically. 
I can see how this arises by considering a Person object. The supervisor role 
might be allowed to edit more than the individual concerned.

We looked in vain for an 'easy' way to do this using old forms, newforms, 
generic views etc etc, but eventually started writing our own views to do this.

Sure I could probably start trying to grok the inner horrors of update_object 
and minulators etc etc, but that seems really overkill for such a simple 
requirement.

I expected to be able to pass in a list of fields that were to be left alone or 
something as easy. Is there no easy way to do these simple extensions; if not 
what's the 'right' way to do this in the various contexts?
-- 
Robin Becker

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

IE6 problem

[Robin Becker]

I have a problem with django administration and IE6. Basically no matter what I 
do I get a cookies problem when trying to log in to /admin. It seems that this 
website is permanently cookie blocked by IE6. I have tried going to the provacy 
policy etc etc internet settings, but nothing I do seems to make the site work 
(up to and including allowing unrestricted cookies in the internet settings).


I'm using IE7/Firefox on the same site and that has no problems at all. I'm 
wondering if my test machine (which has both IE7/6 is the issue).

Can anyone help?
-- 
Robin Becker

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

selenium versus django app

[Robin Becker]

I have a bunch of really weird errors coming from selenium built with the IDE 
when running in proper selenium. The page in question is an admin form coming 
from the python django framework


>  info: Executing: |type | ctyhocn | gathi |
>  debug: Command found, going to execute type
>  error: Unexpected Exception: A script from "http://127.0.0.1:8000; was 
> denied UniversalFileRead privileges.

The field in question appears to be completely unexceptional; it's just an 
input 
text box

> 

following this message there appears to be a large amount of debug info related 
to some kind of string functions eg camelize, gsub etc etc.

Can anybody tell me what's going on?
-- 
Robin Becker

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Re: shared state between requests and FastCGI

[Robin Becker]

Amit Ramon wrote:
> Hello,
> 
> I'm developing a site that need to display ads. The ad to display on a page 
> is selected by a function based on the value of a global state - an 
> application state that need to be maintained across requests and different 
> users. In other words, the state is a "website singleton".
> 
> This state is read and changed on every request. One trivial way to achive 
> this is to store the state in the database, but I'm afraid that changing the 
> value in the database with every request might create a performance 
> bottleneck (I'm using MySql, don't know if it matters).
> 
> I thought about having a global (plain python) variable to store the state. 
> However, there are some points to think about, especially since I'm not sure 
> how FastCGI works:
> 1. Is there single process that handles all the requests? (so it can keep 
> state)
> 2. If so, are different requests handles by separate threads? If this is 
> true, then I probably need to make this state variable thread-safe.
> 3. How long does the FastCGI process (or the relevant application process) 
> lives? I don't mind reseting the state from time to time, but not too often.
> 
> The ad selection mechanism is somewhat probabilstic - ads should be displayed 
> more or less randomly (with some uniform or weighted distribution), so 
> another option I'm thinking of is using python's random() function to select 
> an ad. That way I won't have to maintian state explicitly,  although a state 
> would be maintained by python for the random number generator. This also 
> raises some questions: again, to make this work well there need to be a 
> single server process, the random number generator (or its state) need to be 
> global.
> 
> I hope this is not too long, and clear enough. I would appreciate any ideas.
> 
> Thanks,
> 
> Amit Ramon
..
I think that unfortunately the top level django process spawns new processes 
(or 
threads) to handle concurrent requests. It all depends on the fcgi mechanism. I 
suspect the fcgi protocol assumes stateless behaviour like much else of the 
HTTP 
world so there's probably no obvious way to share state. Certainly the fork 
model essentially duplicates the parent and child before the child continues so 
there must be some way for the parent to communicate with the child, but I 
don't 
think there's any obvious way for the child to communicate back.

In the separated case you really want the distribution function to satisfy a 
certain property eg additivity so having two independent generators and summing 
the results should look like the same distribution as one or three etc etc 
except perhaps for scale. Unfortunately I don't think that's true in general, 
it's certainly true for gaussians.

If you really want to to this with a single generator then why not pass the add 
selection problem off to a service on your server ie put the whole problem into 
a singleton server with a fast response using say XMLRPC if all this has to do 
is compute a single draw from your function it should be fairly fast.
-- 
Robin Becker

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

fastcgi problems

[Robin Becker]

I'm using apache2.0+mod_fastcgi with flup prefork django 0.95+. With large 
requests we see an error return from the server (not django), but using top I 
can see the python process (presumably for the large request) ticking away 
using 
up lots of memory/cpu. At some point the python process stalls (I think because 
it wants to write to the now defunct pipe or whatever).

I see these messages in the apache error log
FastCGI: comm with server "/...fcgi" aborted: idle timeout (30 sec), 
referer: 
  FastCGI: incomplete headers (0 bytes) received from server 
"/...fcgi", 
referer: 

so I'm guessing that the apache end of the fastcgi pipe is timing out. Is there 
a way for the django/flup side to signal that the request is not dead.

I find it a bit strange that the django side doesn't seem to care about whether 
the apache side is alive or dead.
-- 
Robin Becker

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Re: foreign key search

[Robin Becker]

Karen Tracey wrote:
> On 12/3/07, Robin Becker <[EMAIL PROTECTED]> wrote:
>>
>> I have a simple model with a foreign key relation
>>
>> class A(models.Model):
>>   id = models.CharField('ABCDEFG', .)
> 
> 
> Do you really have an explicit field named 'id'?  Do you also include
> primary_key=True over in that '' part?  Otherwise it seems you'd get a
> conflict between your explicitly id field and Django's auto-generated one.

id has primary_key=True


> 
> class B(models.Model):
>>   def __str__(self):
>>  return self.name
>>
>>  class Admin:
>>  list_display = ('name',)
>>  list_display_links = ('name',)
>>  ordering = ('a', 'name')
>>  search_fields = ('a__id','name')
>>
>>  a = models.ForeignKey(A, num_in_admin=3)
>>  name = models.CharField(maxlength=255, core=True )
>>
>
> 
> 
> the 'a__id' syntax is correct.  I don't quite understand what "seems to
> locate some rows, but the listing page doesn't display." means.  How can you
> tell what it found if the listing page doesn't display?  What displays
> instead of the listing page -- an error, a blank page, a
> never-finishes-loading page...?

Well I see the search box, and when I enter the id of a known A and hit the go 
button The page that returns has

"23 results (6380 total)" beside the go button and in the body of the page I see

23 as


however there's no other text in the page. I expected to see the rows that were 
found.

After testing with different data I believe it's just one of my data rows 
that's 
vanishing.


> 
> For a simple example from my own models that works for me, I have (from a
> legacy database so the names don't quite match what you'd expect for a
> Django app):
> 
...
> Karen
...

-- 
Robin Becker

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

foreign key search

[Robin Becker]

I have a simple model with a foreign key relation

class A(models.Model):
  id = models.CharField('ABCDEFG', .)

class B(models.Model):
  def __str__(self):
 return self.name

 class Admin:
 list_display = ('name',)
 list_display_links = ('name',)
 ordering = ('a', 'name')
 search_fields = ('a__id','name')

 a = models.ForeignKey(A, num_in_admin=3)
 name = models.CharField(maxlength=255, core=True )

originally I had the search_fields=('a','name') but that failed to search at 
all. My boss suggested that the documentation 'foreign_key__related_fieldname' 
should be replaced by 'a__id' and that seems to locate some rows, but the 
listing page doesn't display. I looked in vain for some simple examples, but 
cannot get this simple behaviour to work. What's the 'right' way to search by a 
foreign key?
-- 
Robin Becker

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

middleware introspection

[Robin Becker]

A colleague is writing a response middleware which hijacks the normal view 
under 
certain circumstances. Diagramatically


V0  -->M(0)--> V1  is the normal case view V0 goes directly  to V1 ie the 
middleware M does nothing.

when the hijack is to take place

V0 -->M(1)-->V2-->M(0)-->V1

Now my question

can the middleware determine the template used by V0 so that it can be used 
automatically to generate V2?
-- 
Robin Becker

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Re: apache authorization with django

[Robin Becker]

Graham Dumpleton wrote:
..
>>
>> I for one am not sure; are we saying that even if I'm using flup / fastcgi as
>> the transport I'm not able to use that for authorization?
> 
> That depends on whether flup supports the backend side of the FASTCGI
> specifications authentication/authorisation mechanism. Ie., as setup
> using the mod_fastcgi directives.
> 
> # FastCgiAuthenticator
> # FastCgiAuthenticatorAuthoritative
> # FastCgiAuthorizer
> # FastCgiAuthorizerAuthoritative
> 
> I don't know what flup does, so you need to look at the flup source
> code or any documentation for flup to work it out.
> 

I'll need to take a look to see what it really supports.

>> The real problem for me is deployment. We have multiple apps on the same
>> machine. We have tried the multiple apache solution (ie a toplevel 
>> distributor
>> with a secondary for the app) and found it wanting. Our preferred solution is
>> fcgi as that allows us fully decoupled processes. Putting the authorization 
>> into
>> mod_python seems to allow the possibility of cross talk even if we use 
>> separate
>> interpreters.
> 
> How do you think you can have 'cross talk'? There are issues with
> running distinct users applications embedded within Apache using
> mod_python, but if they are your own applications it shouldn't be an
> issue as you wouldn't be deliberately trying to sabotage your own
> stuff.
..
although these are applications written by us they are often for different 
clients with possibly stringent security requirements. For the biggest clients 
we just give them a box of their own, for the snaller ones they get a shared 
app 
with a virtual host address. Having a common front end is a problem, as if 
something goes badly awry then possibly client a sees something client b has 
entered etc etc. The mod_python commonality is just another problem for 
security 
auditors.
-- 
Robin Becker

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Re: apache authorization with django

[Robin Becker]

Graham Dumpleton wrote:
.
>>
>>> In 2.0 there seems no way to provide another
>>> authorizer without writing an apache module.
>> Correct.
> 
> Whoops. Not strictly true. You can write one with mod_python by
> implementing a authzhandler(). You just need to know what you are
> doing. ;-)
> 

that's what the django approach is doing :)
-- 
Robin Becker

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Re: apache authorization with django

[Robin Becker]

Graham Dumpleton wrote:
> On Sep 19, 3:05 am, Robin Becker <[EMAIL PROTECTED]> wrote:
>> I find I can use django users and groups to authorize apache locations and
>> directories using a modified version of modpython.py(I just hacked it to 
>> check
>> for required groups).
>>
>> I have some difficulties with this simple scheme.
>>
>> First off it seems to be completely separate from the normal django 
>> behaviour.
>> Is there a way to get existing django tokens to be used? So if I have already
>> logged in or possess a django token can I use that token to provide access 
>> to an
>> apache controlled area?
>>
>> Secondly the apache validation examples all seem to use mod_python as the
>> transport between apache and django. We are tending to use fastcgi (via flup 
>> and
>> runfcgi) as it gives us greater flexibility; we can use an entirely separate
>> process for the python (perhaps even a different python). Is there a way to 
>> use
>> a fastcgi based validation?
>>
>> Finally, my boss wants to use a single auth database. I'm not sure that's
>> feasible, but it seems reasonable to have a central controlled database app
>> which only does user/groups. I think this is less desirable because of the
>> possibility of permission leakage. I can imagine exporting changes into some
>> other project's db so this doesn't seem impossible.
> 
> Can you perhaps gives some code examples of what your authn/authz code
> looks like now so I can see how you are using groups.
> 
> The reason I am curious is that I am currently working on implementing
> a solution in mod_wsgi for better using Python to support Apache
> authentication and authorization. Also, the other way around,
> providing hooks so a Python application can use an Apache auth
> provider for the auth database. This way one can have one auth
> database across Python and non Python applications, plus static pages,
> hosted by Apache.
> 
.

OK my code looks like the standard django/contrib/auth/modpython.py the patch is

***
*** 39,44 
--- 38,54 

   # check the password and any permission given
   if user.check_password(req.get_basic_auth_pw()):
+ G = []  #find required groups
+ S = filter(None,map(str.split,map(str.strip,req.requires(
+ map(G.extend,[filter(None,s[1:])
+ for s in S if s[0].lower()=='group'])
+ for g in user.groups.all():
+ if g.name in G:
+ G.remove(g.name)
+
+ if G:   #fail if required groups remain
+ return apache.HTTP_UNAUTHORIZED
+
   if permission_name:
   if user.has_perm(permission_name):
   return apache.OK


we're using this kind of phrase in our 2.0 apache configs

AuthType basic
AuthName "djauth test"
Require valid-user
Require group rptlab
#AuthUserFile /home/rptlab/etc/passwd
#AuthGroupFile /home/rptlab/etc/groups
PythonInterpreter djauth
PythonAuthenHandler djauth.modpython


I'm guessing that AuthBasicProvider (in your examples) is new in Apache 2.2 and 
makes things easier for this. In 2.0 there seems no way to provide another 
authorizer without writing an apache module.
-- 
Robin Becker

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

apache authorization with django

[Robin Becker]

I find I can use django users and groups to authorize apache locations and 
directories using a modified version of modpython.py(I just hacked it to check 
for required groups).

I have some difficulties with this simple scheme.

First off it seems to be completely separate from the normal django behaviour. 
Is there a way to get existing django tokens to be used? So if I have already 
logged in or possess a django token can I use that token to provide access to 
an 
apache controlled area?

Secondly the apache validation examples all seem to use mod_python as the 
transport between apache and django. We are tending to use fastcgi (via flup 
and 
runfcgi) as it gives us greater flexibility; we can use an entirely separate 
process for the python (perhaps even a different python). Is there a way to use 
a fastcgi based validation?

Finally, my boss wants to use a single auth database. I'm not sure that's 
feasible, but it seems reasonable to have a central controlled database app 
which only does user/groups. I think this is less desirable because of the 
possibility of permission leakage. I can imagine exporting changes into some 
other project's db so this doesn't seem impossible.
-- 
Robin Becker

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Re: non unicode

[Robin Becker]

Malcolm Tredinnick wrote:
> On Wed, 2007-08-29 at 14:58 +0100, Robin Becker wrote:
>> Hi, we're having some troubles with latest django that are caused by the 
>> switch 
>> to unicode string output. In particular since we were already carefully 
>> handling 
>> the conversion and encoding of the database values we are now getting errors 
>> because the data is in unicode. Is it possible to disable the unicode 
>> conversion?
> 
> No, it's not possible. The assumptions that strings will already be
> Unicode is fairly tightly inter-twined throughout the code. To do
> otherwise would, for example, really impact performance because we would
> *never* be able to assume that things were in the right encoding and
> have to call smart_unicode() everywhere -- the function call overhead
> would be noticeable (I say this from having tested it).
> 
> I'd like to hear details of what the actual problems are, so that we can
> fix things rather than trying to hide them. I'm not going to be able to
> work on anything like this for a little while (partly because of a
> commitment to get some other code finished urgently), but we should fix
> any difficulties.

we're using the str operation in various places. The default unicode --> str 
encoding is ASCII and that now gets used whereas before utf8 str --> str was a 
no-op. We're not using binary data merely what was implicit in the idea of char 
fields. If Django had added unichar fields that would have allowed both kinds 
of 
field to be used and kept backward compatibility for those who need it.

I'm advised that it's impossible to change the default encoding (it's done in 
site.py, but I was warned against messing with it by people on the Python 
development team). One way round my current problems would be to override the 
unicode type being used to allow a django unicode-->str encoding to be 
specified, but probably that's not feasible either as it seems everyone just 
uses unicode without regard to the intended final use.

The suggestion that we unpatch a single back end is probably doable, but we'll 
have more and more problems as time goes on.

> 
> I'm not going to be too surprised to hear that it's something like
> trying to use binary-like data in text fields -- getting a proper binary
> field and, most importantly, getting transparent transmission to and
> from the database in play is a pretty big priority once I have time.
> It's not completely trivial, but, again, a clear description of the
> problems you are having might help guide the design. That will, in
> effect, provide a way to have deliberately unencoded data in both a
> designated binary field and also available for any custom field types
> and should solve some problems I suspect exist.
> 
> Regards,
> Malcolm
> 
> 


-- 
Robin Becker

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

non unicode

[Robin Becker]

Hi, we're having some troubles with latest django that are caused by the switch 
to unicode string output. In particular since we were already carefully 
handling 
the conversion and encoding of the database values we are now getting errors 
because the data is in unicode. Is it possible to disable the unicode 
conversion?
-- 
Robin Becker

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Re: Using **?

[Robin Becker]

Greg wrote:
..

The ** thing can be used in two ways

1) to allow extra keyword arguments to be collected into a single dictionary 
inside a function.

eg

def func0(a0,a1,a2,b0=30,b1=31,**kwds):
 print a0,a1,a2,b0,b1,kwds

func0(0,1,2,c0=40,c1=42)

should print

0 1 2 30 31 {'c1': 42, 'c0': 40}

2) You can pass a dictionary into a function as though the keys were passed as 
key=value.

eg

D=dict(a0=-0,a1=-1,a2=-2,b0=-30,b1=-31,c0=-40,c1=-41)
func0(**D)

0 -1 -2 -30 -31 {'c1': -41, 'c0': -40}


note that you can pass fixed arguments as though they were keywords. In the 
function the **kwds argument picks up keywords that are not known in the 
definition. If the dictionary didn't contain the fixed arguments (ie the ones 
without defaults) we'd still have to pass those positionally

eg

D=dict(c0=50)
func0(10,11,12,**D)


10 11 12 30 31 {'c0': 50}


theer's an equivalent concept for positional arguments that uses a single *
-- 
Robin Becker

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Re: Calling different Django sites from the same external application

[Robin Becker]

Hancock, David (DHANCOCK) wrote:
> We have two Django "projects" with distinct settings files, and we need to
> be able to make API calls to each of them from the same (separate)
> long-running application. Using the API of one of them is easy--we've got
> the DJANGO_SETTINGS_MODULE defined in the environment of the calling
> process, and it works great. Now we're adding the second project's API
> calls, and we're getting the settings of the first project.
> 
> Has anyone got an idea for how to have two sets of settings active in the
> same application at the same time? The one proposed solution (put the second
> project inside the first one) seems a little too brute-force to me.
> 
> Cheers!

I did exactly this by having two settings files and changing the environment 
section in the apache container that we used to start off each application.


 PythonPath "['/usr/tmp/djcodeCODE']+sys.path"
 SetHandler python-program
 SetEnv DJANGO_SETTINGS_MODULE djcode.app.settings
 PythonHandler django.core.handlers.modpython
 #PythonDebug On
 PythonInterpreter app


 PythonPath "['/usr/tmp/djcodeCODE']+sys.path"
 SetHandler python-program
 SetEnv DJANGO_SETTINGS_MODULE djcode.app.test_settings
 PythonHandler django.core.handlers.modpython
 #PythonDebug On
 PythonInterpreter test_app

-- 
Robin Becker

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Re: django authorization of apache

[Robin Becker]

Steven Armstrong wrote:
>
> You could then pass the groups, or whatever else you need, to the 
> handler using PythonOption directives.
> 
> e.g.
> 
> AuthType basic
> AuthName "djauth test"
> Require valid-user
> SetEnv DJANGO_SETTINGS_MODULE djauth.settings
> PythonOption DjangoGroups XXX group2 group3
> PythonAuthenHandler path.to.my.auth.handler
..

well I hacked contrib/auth/handlers/modpython.py and now have group checking 
with this code

# check the password and any permission given
if user.check_password(req.get_basic_auth_pw()):
 G = [] #find required groups
 S = filter(None,map(str.split,map(str.strip,req.requires(
 map(G.extend,[filter(None,s[1:])
 for s in S if s[0].lower()=='group'])
 for g in user.groups.all():
 if g.name in G:
 G.remove(g.name)
 if G: #fail if some required groups remain
 return apache.HTTP_UNAUTHORIZED

 if permission_name:
 if user.has_perm(permission_name):
 return apache.OK
 else:
 return apache.HTTP_UNAUTHORIZED
 else:
 return apache.OK
else:
     return apache.HTTP_UNAUTHORIZED


-- 
Robin Becker

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Re: django authorization of apache

[Robin Becker]

Steven Armstrong wrote:
> Robin Becker wrote on 06/28/07 16:13:
>> I see from this documentation
>>
>> http://www.djangoproject.com/documentation/apache_auth/#configuring-apache
>>
>> that it is conceptually possible to configure apache authorization using 
>> django.
>>
>> However, we have recently decided to de-couple django from mod_python by 
>> using 
>> fastcgi. This is because we wish to allow our django apps to use which ever 
>> python might be appropriate and not restrict to the one for which we have 
>> compiled apache+mod_python.
>>
>> Is there any way to have mod_python stuck on Python-2.4 with the controlling 
>> django app use Python-2.5 and do configuration for apache. The only way I 
>> can 
>> think of is to create a stub project which runs the auth only.
>>
>> I know that theoretically we can advance the apache, but that implies 
>> re-installing wikis etc etc etc and when Python-2.6 comes out and the boss 
>> wants 
>> to use new feature X we'll go through the whole process again.
>>
>> Alternatively is there a way to do the reverse ie get django to use a 
>> database 
>> controlled by apache?
> 
> You could directly access the database using something like 
> mod_auth_mysql or the like. But the way django stores passwords may be a 
> problem.
  yes it seems harder than setting up a dummy project.

On the other hand our current scheme uses require group xxx and I cannot seem 
to 
  get validation done that way.

I have this in a .htaccess file

AuthType basic
AuthName "djauth test"
Require valid-user
Require group XXX
SetEnv DJANGO_SETTINGS_MODULE djauth.settings
PythonOption DJANGO_SETTINGS_MODULE djauth.settings
PythonAuthenHandler django.contrib.auth.handlers.modpython


I see the request for a user, but the validation seems to ignore the Require 
Group clause entirely.
-- 
Robin Becker

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

django authorization of apache

[Robin Becker]

I see from this documentation

http://www.djangoproject.com/documentation/apache_auth/#configuring-apache

that it is conceptually possible to configure apache authorization using django.

However, we have recently decided to de-couple django from mod_python by using 
fastcgi. This is because we wish to allow our django apps to use which ever 
python might be appropriate and not restrict to the one for which we have 
compiled apache+mod_python.

Is there any way to have mod_python stuck on Python-2.4 with the controlling 
django app use Python-2.5 and do configuration for apache. The only way I can 
think of is to create a stub project which runs the auth only.

I know that theoretically we can advance the apache, but that implies 
re-installing wikis etc etc etc and when Python-2.6 comes out and the boss 
wants 
to use new feature X we'll go through the whole process again.

Alternatively is there a way to do the reverse ie get django to use a database 
controlled by apache?
-- 
Robin Becker

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Re: dynamically changing URLS

[Robin Becker]

James Bennett wrote:


On 1/8/07, Robin Becker <[EMAIL PROTECTED]> wrote:
Is there any obvious way to get the dispatch mechanism to behave 
differently

under specific circumstances?


Not too long ago, there was some new functionality checked in to trunk
which allows you to tell Django to use a different URLConf on a
per-request basis, by having request middleware assign to
'request.urlconf' -- Django will then look at that for the root
URLConf module to use, instead of the one specified in settings. The
use case which inspired that was being able to switch URLConfs based
on the value of the HTTP 'Host' header, but you might be able to adapt
it to your needs.

However, in your specific case I wonder if it wouldn't be better to
just have a separate settings file with a different value for
ROOT_URLCONF; when you need to upgrade, switch to that file
temporarily, and then switch back when you're done. You're going to
have to do server restarts either way if you're making code changes,
so this seems the logical thing to do.



thanks very useful stuff.

--
Robin Becker

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Django 
users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

dynamically changing URLS

[Robin Becker]

Is there any obvious way to get the dispatch mechanism to behave differently 
under specific circumstances?


We have a site where the clients can enter live data, but when we want to 
upgrade code/fix bugs etc we would like them to be locked out and a road up page 
to be shown instead.


Assuming we have decision value the alternatives seem to be

1) Fix up those views which need to be hidden so they change representation when 
the value says hide.


2) Change the dispatcher so it knows to substitute different views when the hide 
signal is on.


3) some other mechanism not yet discovered


Not wishing to fix all of our views (in particular the contrib/admin stuff) I 
tried 2 and had some success. I can get a resolver which either points to the 
original value or a generic road up page.


Have others tried anything similar?
--
Robin Becker

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Django 
users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Re: multiple projects one server

[Robin Becker]

David Zhou wrote:



On Jan 5, 2007, at 5:00 AM, Robin Becker wrote:

so these define the server used by the http stuff below, do I  
understand it correctly that the fcgi processes are setup to listen  
on the above ports?


Those are unix sockets, but correct.  The fcgi processes are listen  at 
those sockets.


If so does nginx provide some mechanism to start them up or is it  all 
handomatic?


I have a script that starts them up, but yeah, AFAIK, there isn't  
anything in nginx or Django that starts them automatically.

..
thanks David, real helpful
--
Robin Becker

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Django 
users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Re: multiple projects one server

[Robin Becker]

David Zhou wrote:



I'm running nginx + fcgi for Django, so the below is in nginx's  config 
format.  But I'm assuming that lighttpd should be able to do  something 
similar.


Basically, in nginx, you can specify various upstream pools. For  example:

upstream blah {
server unix:/tmp/blah.com_1.sock;
server unix:/tmp/blah.com_2.sock;
}

upstream foo {
server unix:/tmp/foo.com_1.sock;
server unix:/tmp/foo.com_2.sock;
}



so these define the server used by the http stuff below, do I understand it 
correctly that the fcgi processes are setup to listen on the above ports?


If so does nginx provide some mechanism to start them up or is it all 
handomatic?



then in the site definitions:

server {
listen  80;
server_name blah.com;

location / {
#insert FCGI params stuff here
...
##
fastcgi_pass blah;
}
}

server {
listen  80;
server_name foo.com;

location / {
#insert FCGI params stuff here
...
##
fastcgi_pass foo;
}
}

...

--
Robin Becker

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Django 
users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

multiple projects one server

[Robin Becker]

I'm unsure if this is a simple to answer issue or not. We've been using django 
simply for a while and are now starting to use it in a more production like 
setting. Since apache is our preferred server we tried using a single apache 
server with mod_python in virtual hosts. Each virtual host had its own 
interpreter, but for various reasons we decided it was too hard to prevent 
intra-interpreter interactions. The main problem being our own C accelerators; 
we currently don't have time to rewrite these to allow easy use with multiple 
interpreters/threads.


Currently I am trying a two level approach with proxying; it seems to work. The 
apache in the second level handles only one of the upper level virtual hosts and 
since they are in a different process no interactions can happen. Clearly we 
have more apache processes than before and the restarts are harder etc etc.


Is there a better way to handle this sort of thing using fastcgi or scgi?  Can 
we get all requests from a particular host to be handled in only one group of 
processes. Our back end process doesn't respond well to being threaded and it 
can take a long time to complete so we seem to need a worker pool for each 
virtual host.


Any ideas welcome.
--
Robin Becker

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Django 
users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Re: Silly behaviour of exception output

[Robin Becker]

Jeremy Dunck wrote:


On 12/28/06, Robin Becker <[EMAIL PROTECTED]> wrote:
...


no worries, in trac mode I added the patch then the patch and finally 
changed

the summary to start with [patch].
--


And the uncaught exceptions?


I'll do another one tomorrow.
--
Robin Becker

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Django 
users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Re: Silly behaviour of exception output

[Robin Becker]

Jeremy Dunck wrote:



The django-developers list exists not just for people that have
committer access, but for discussion of development -of- django, as
opposed to django-users, which exists for people developing -with-
django.

I was making the suggestion because I'd like to see the improvements
made, but sending a lone message to dju is a great way for it to be
forgotten.

Ticketing systems exist for a reason, I'm sure you'll agree.


I'm willing to submit patches, but I really hope it's not trac which
I dislike. Where should I submit these tickets etc etc.




.



If you can't bring yourself to make the tickets, please just make
patches, and I'll do the dirty work of the ticket itself.


no worries, in trac mode I added the patch then the patch and finally changed 
the summary to start with [patch].

--
Robin Becker

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Django 
users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Re: Silly behaviour of exception output

[Robin Becker]

Jeremy Dunck wrote:


On 12/28/06, Robin Becker <[EMAIL PROTECTED]> wrote:


Our team has been using Django for about one year. I find it difficult 
to debug
with Django despite the attempt at friendly traceback pages. It seems 
Django has

failed to take advantage of the tracebacks that are available.


This sounds like good input, but you'll have better luck if you 1)
make a ticket and 2) send the message to django-developers.


..

I don't much care for elite groups, but surely the developers list is for actual 
developers. I'm willing to submit patches, but I really hope it's not trac which 
I dislike. Where should I submit these tickets etc etc.

--
Robin Becker

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Django 
users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Silly behaviour of exception output

[Robin Becker]

Our team has been using Django for about one year. I find it difficult to debug
with Django despite the attempt at friendly traceback pages. It seems Django has
failed to take advantage of the tracebacks that are available.

First off near line 97 of django/views/debug.py

if pre_context_lineno:

this test fails constantly because DJango seems to have the wrong path names for
most modules. It seems Django ends up with pathnames like
./core/handlers/base.py rather than django/core/handlers/base.py


The result of this failure is that the stack traces have missing frames and
often the actual error frame is missing. A simple patch to fix this silliness

Index: django/views/debug.py
===
--- django/views/debug.py   (revision 4207)
+++ django/views/debug.py   (working copy)
@@ -107,6 +107,20 @@
 'post_context': post_context,
 'pre_context_lineno': pre_context_lineno + 1,
 })
+else:
+frames.append({
+'tb': tb,
+'filename': filename,
+'function': function,
+'lineno': lineno + 1,
+'vars': tb.tb_frame.f_locals.items(),
+'id': id(tb),
+'pre_context': '[unknown pre_context]',
+'context_line': '[unknown context_line]',
+'post_context': '[unknown post_context]',
+'pre_context_lineno': '[unknown pre_context_lineno]',
+})
+
 tb = tb.tb_next

 if not frames:


Secondly it seems that bugs in middleware are uncaught eg in

core.handlers.base.BaseHandler.get_response django/core/handlers/base.py line 58

# Apply request middleware
for middleware_method in self._request_middleware:
response = middleware_method(request)
if response:
return response

is not in the main try block so is not handled properly. Also the post
processing of responses is broken eg in django/core/handlers/modpython.py near
line 150

   # Apply response middleware
   for middleware_method in self._response_middleware:
   response = middleware_method(request, response)

is outside of any try except block so cannot have a nice traceback.

A colleague is trying to use a middleware for logging successes and errors.
However, it seems that using process_exception only sees errors in the main
callback and not any other middleware methods. Again this seems to be caused by
the code in BaseHandler.get_response. Surely any error in middleware is as
damaging as an error in the main callback?
--
Robin Becker

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Django 
users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---