Re: CSRFmiddlewaretoken issue ?

2013-01-15 Thread Travis J
{% csrf_token %} introduces a hidden field into your form that will be 
posted.  Second, request.raw_post_data is going to be form-encoded, so it 
will look like "csrf_token=adsjadsf=" 
(generally you would only use raw_post_data for binary files and the like).

To get it working quickly, use request.POST['body'] instead (you'll need to 
think about sanitizing; what happens on display if a user has included 
JavaScript in the message). 

tj

On Monday, January 14, 2013 11:08:22 AM UTC-7, Rahul Gaur wrote:
>
> Hi, 
>   I am working on a project which implements micro blogging (river flow) 
> like Twitter.
>
> I made a django app for this and here is the snippet of the models.py 
>
> I registered the app with 'admin'
>
> class uPost(models.Model):
>     body = models.TextField(max_length=150)
>     author = models.ForeignKey(auth.User)
>     pub_date = models.DateTimeField('Date')
>
>     def __unicode__(self):
>         return (self.body)
>
>     def get_author_url(self):
>         return "/u/%s/p/0" % (self.author)
>
>     class Meta:
>         ordering = ['-pub_date']
>
>
> here is snippet from  post.html page 
>
> 
> {% csrf_token %}
> 
> 
> Report a Story:  rows="2" cols="40" name="body">
> 
> 
> 
> 
>  
> # I use this to post the tweet  and below is the 
>
> #views.py function 
>
> def tweet(request):
>     assert(request.method=='POST')
>     body = smart_unicode(request.raw_post_data)
>     topic = uPost(body=body, author=request.user)
>     topic.pub_date = datetime.datetime.today()
>     topic.save()
>     # calls the views function that lists all posts in the timeline
>     return HttpResponseRedirect("/riverflow")
>
>
> When I use the post.html 
>
>
> Output I get when I post any tweet with the above form and views func def 
> tweet
>
>  
>
> csrfmiddlewaretoken=eTqlKTZe9AyMiudycqENAJxoLn9WXjA9=hmm+just+check+ing+%21
>
> @aregee Jan. 14, 2013, 11:33 a.m.
>
>
> It has to do something with the CSRF middleware token right ?
>
> I tried to use the @csrf_exempt decorator in my views function, that does 
> remove csrfmiddlewaretoken =*& post the following on the timeline 
> "body=MESSAGEPOSTED "
>  
> What am I doing wrong here?
>
>
>
>
> ---
> *Rahul Gaur*
> *irc:* iamaregee2
> *web:* http://www.rahulgaur.info
> *blogs:* aregee.wordpress.com, http://sanencynicalwriter.wordpress.com/
> *fb:* http://facebook.com/iamaregee
> *github:* https://github.com/aregee
>
>  

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/django-users/-/4fWZdPC1GUUJ.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.
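
The difference between the raw body and the decoded field described in the reply above, as an added example that is not part of the original thread. It uses only the Python standard library as a stand-in for Django's request.POST and template auto-escaping; RAW_BODY, the token value and the helper names are constructed for illustration.

```python
from html import escape
from urllib.parse import parse_qs

# Constructed sample: the form-encoded bytes a browser sends for a form that
# contains the hidden CSRF field plus a textarea named "body".
RAW_BODY = b"csrfmiddlewaretoken=CONSTRUCTEDTOKEN123&body=hmm+just+check+ing+%21"
MAX_LEN = 150  # same limit as max_length on uPost.body in the quoted model


def naive_body(raw):
    """What the quoted view stores: the whole encoded body, token included."""
    return raw.decode("utf-8")


def extract_body(raw, field="body", max_len=MAX_LEN):
    """Decode the form body and return one field, as request.POST['body'] would."""
    fields = parse_qs(raw.decode("utf-8"), keep_blank_values=True,
                      strict_parsing=True)
    values = fields.get(field)
    if not values:
        raise KeyError(field)
    # Django's QueryDict returns the last value when a key is repeated.
    text = values[-1].strip()
    if not text or len(text) > max_len:
        raise ValueError("body must be 1..%d characters" % max_len)
    return text


def render_post(text):
    """Escape at output time so markup in a post is shown, not executed.

    Django templates auto-escape variables by default; html.escape stands in
    for that here.
    """
    return "<p>%s</p>" % escape(text, quote=True)


if __name__ == "__main__":
    print(naive_body(RAW_BODY))                  # token and encoding leak in
    print(extract_body(RAW_BODY))                # only the decoded message
    print(render_post(extract_body(b"body=%3Cb%3Ehi%3C%2Fb%3E")))
```

Storing the decoded text unchanged and escaping when it is rendered keeps the database copy faithful to what the user typed while preventing the markup from running in other users' browsers.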



Intermingling applications

2013-01-15 Thread Travis J
Hi,

I have an annoying problem I've inherited that I'm trying to clean up. I'm 
looking for advice on the best way to clean it up.

We have a Django web app.  It is essentially a view in a running log (call 
it *reader*) from a database.  The db log is populated by an event queue 
(call it *writer*) on a different machine.  All of the code involved is 
Python. *Writer* also processes other queue items that don't involve 
*reader* and it is processing enough event items that indirecting through a 
service is probably not a good idea.

*Reader* defines all of the tables using Django models. *Writer* includes 
all of the code from *reader* in order to access those model classes to 
insert items into the database.

The problem is that the dependencies between *reader* and *writer* are 
somewhat opaque, and it gets even worse because there are clients of 
*writer* as well. This is of particular concern as we try to minimize what gets 
installed on *writer*. For instance, we don't really want a third-party 
login blocker to be installed, since it would never be used.

I've been trying to come up with alternatives, but I don't really like 
anything I've come up with.  Is there a better option that keeps code DRY 
that I'm missing?

Thanks.

tj
