#StackBounty: #python #django #apache #authentication #django-auth-ldap How to apply hashing SHA256 on Django LDAP login?

Bounty: 50

I’m using LDAP authentication in Django, as shown below, and I am also using password hashers.

from django_auth_ldap.config import PosixGroupType, LDAPSearch
import ldap

PASSWORD_HASHERS = [
    'django.contrib.auth.hashers.PBKDF2PasswordHasher',
    'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher',
    'django.contrib.auth.hashers.Argon2PasswordHasher',
    'django.contrib.auth.hashers.BCryptSHA256PasswordHasher',
]

# We use a dedicated user to bind to the LDAP server and execute the server.
AUTH_LDAP_SERVER_URI = "ldap://xx.xx.xx.xx:389"
AUTH_LDAP_BIND_DN = "xxxxx@xxxx.com"
AUTH_LDAP_BIND_PASSWORD = "xxxxx"
AUTH_LDAP_CONNECTION_OPTIONS = {
    ldap.OPT_DEBUG_LEVEL: 1,
    ldap.OPT_REFERRALS: 0,
}

# sAMAccountName is mostly used for Microsoft Active Directory
# objectCategory    CN=Person,CN=Schema,CN=Configuration,DC=corp,DC=xxxx,DC=com
# (cn=%(user)s)
AUTH_LDAP_USER_SEARCH = LDAPSearch("DC=corp,DC=xxxxx,DC=com", 
                                    ldap.SCOPE_SUBTREE, 
                                    "(&(objectClass=user)(sAMAccountName=%(user)s))")

AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail"
}

But my credentials are being transmitted in plain text.

From Fiddler:


Password stored in DB:

!Qoc6uEP5h0lOXIeqmSov1HWOL8eY4fmlpJ1Z3q

How do I apply SHA256 hashing?

Note: The site was deployed on Apache 2.4, Windows Server 2008 R2.
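
PASSWORD_HASHERS only controls how Django hashes passwords it stores locally; it does not change what travels over the wire, and an LDAP bind needs the cleartext password, so the protection has to come from TLS on both hops. The check below is an added example, not part of the original question: the function names are hypothetical, the setting names are Django's and django-auth-ldap's, and the hardened sample values are constructed.

```python
from urllib.parse import urlparse

# Django stores a value starting with "!" when set_unusable_password() was
# called, i.e. no local password hash exists for that account.
UNUSABLE_PASSWORD_PREFIX = "!"


def audit_ldap_login_transport(settings):
    """Return findings for a dict of Django / django-auth-ldap settings."""
    findings = []

    # Hop 1: browser -> Django. The login form posts the cleartext password,
    # so this hop needs HTTPS. Hashing in the browser would make the hash the
    # new secret and would break the LDAP bind.
    if not settings.get("SECURE_SSL_REDIRECT", False):
        findings.append("SECURE_SSL_REDIRECT is off: login can be posted over HTTP")
    for name in ("SESSION_COOKIE_SECURE", "CSRF_COOKIE_SECURE"):
        if not settings.get(name, False):
            findings.append(f"{name} is off: cookie may be sent over HTTP")

    # Hop 2: Django -> directory server.
    uri = urlparse(settings.get("AUTH_LDAP_SERVER_URI", ""))
    start_tls = settings.get("AUTH_LDAP_START_TLS", False)
    if uri.scheme == "ldap" and not start_tls:
        findings.append("ldap:// without AUTH_LDAP_START_TLS: bind password sent in clear")
    elif uri.scheme not in ("ldap", "ldaps"):
        findings.append(f"unexpected LDAP URI scheme: {uri.scheme!r}")
    return findings


def describe_stored_password(value):
    """Classify the content of auth_user.password."""
    if value.startswith(UNUSABLE_PASSWORD_PREFIX):
        return "unusable"
    if "$" in value:
        # Django's format is <algorithm>$<params...>$<hash>
        return "hashed:" + value.split("$", 1)[0]
    return "unknown"


# Settings as posted in the question (only the relevant key).
AS_POSTED = {"AUTH_LDAP_SERVER_URI": "ldap://xx.xx.xx.xx:389"}

# Constructed hardened variant; the host name is a placeholder.
HARDENED = {
    "AUTH_LDAP_SERVER_URI": "ldaps://ldap.example.test:636",
    "SECURE_SSL_REDIRECT": True,
    "SESSION_COOKIE_SECURE": True,
    "CSRF_COOKIE_SECURE": True,
}

if __name__ == "__main__":
    for finding in audit_ldap_login_transport(AS_POSTED):
        print("FINDING:", finding)
    print(describe_stored_password("!Qoc6uEP5h0lOXIeqmSov1HWOL8eY4fmlpJ1Z3q"))
```

The value shown under "Password stored in DB" classifies as unusable, which means Django holds no password hash for that account and the hashers list never comes into play for it.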



#StackBounty: #javascript #django #python-3.x #opencv #pythonanywhere How to access webcam in OpenCV on PythonAnywhere through Javascri…

Bounty: 50

I have developed a web application in Django that has a view method containing OpenCV code which, when triggered, opens the user’s webcam to detect their face. This app works fine on my local server, but when I hosted it on PythonAnywhere it says camera not found, as my PA hosting doesn’t have a camera.
So someone suggested that I open the webcam through JavaScript, as it deals with the client machine, and then pass its feed to the server machine, which is my hosting.
But as I am a rookie in Python, I am not able to figure out how to perform the above task.
I found this piece of JS code, but I don’t know how and where to add it in my Django app.

Code for getting the feed with Javascript

var video = document.querySelector("#videoElement");

if (navigator.mediaDevices.getUserMedia) {
    navigator.mediaDevices.getUserMedia({video: true}).then(function(stream) {
      video.srcObject = stream;
  }).catch(function(err0r) {
      console.log("Something went wrong!");
  });
}

My Python code for opening the camera and detecting faces is as follows (it works on my local server)

import cv2

cascade = cv2.CascadeClassifier('./haarcascade_frontalface_default.xml')

cam = cv2.VideoCapture(0)


while True:
    ret, frame = cam.read()
    if not ret:
        # no frame was returned (for example, no camera on this host)
        break

    # mirror the image so it behaves like a selfie view
    frame = cv2.flip(frame, 1)
    gray = cv2.cvtColor(frame, cv2.COLOR_BGR2GRAY)

    faces = cascade.detectMultiScale(gray, scaleFactor=1.3, minNeighbors=3)

    for (x, y, w, h) in faces:
        cropped = cv2.resize(frame[y:y+h, x:x+w], (198,198))
        cv2.rectangle(frame, (x, y), (x+w, y+h), (255, 0, 0), 2)

    cv2.imshow('Stream', frame)

    # press q to stop
    if cv2.waitKey(1) & 0xFF == ord('q'):
        break

# release the camera and close the window once the loop ends
cam.release()
cv2.destroyAllWindows()

Any help is appreciated. Thank you in advance.



#StackBounty: #python #django #rss #rss-reader #rss2 Django Rss Feed add image to description

Bounty: 50

I am trying to use Django RSS feeds to view feeds in an RSS viewer app.

I used from django.contrib.syndication.views import Feed to create the RSS feeds,

but it only had 3 fields: title, description and link.
I added custom fields by using from django.utils.feedgenerator import Rss201rev2Feed

and it generates the extra fields with no issues.


But when I open it with an RSS viewer, it doesn’t show those extra fields or the image.


My question is: how can I make those extra fields show up in the app?

Does it not show up because the app only shows title, description and link, and those other fields are not processed?

So how can I embed the image and other fields in the description so that they show up (most importantly, so that the image shows up)?

I have gone over the documentation many times and can’t seem to get it right.

Here is the view code from the Django app:

class CustomFeedGenerator(Rss201rev2Feed):
    def add_item_elements(self, handler, item):
        super(CustomFeedGenerator, self).add_item_elements(handler, item)
        handler.addQuickElement(u"image", item['image'])
        handler.addQuickElement(u"seller_name", item['seller_name'])
        handler.addQuickElement(u"price", item['price'])

class LatestPostsFeed(Feed):
    title = "www.marktplaats.nl"
    link = "/feeds/"
    description = "Updates on changes and additions to posts published in the starter."

    feed_type = CustomFeedGenerator

    def items(self):
        return Check_Ads_One.objects.order_by('title')[:5]

    def item_title(self, item):
        return item.title

    def item_description(self, item):
        return item.paragraph

    def item_link(self, item):
        return item.prod_link

    def item_extra_kwargs(self, item):

        return { 'image': item.image_link,
                'seller_name' : item.seller_name,
                'price': item.price,}

I’m using Rss Savvy for the reader app.



#StackBounty: #python #django #python-3.x #mocking #python-unittest Why does this assert_has_calls with the usage of ANY fail in python…

Bounty: 50

It looks like the version of the mock is 3.0.5 in both Python 2.7.15 and 3.7.5 I am testing in.

with patch('a.models.BManager.methodC',autospec=True) as method_mock:
    do something

    expected_calls = [
        call(ANY, param_a=some int value, param_c=some datetime value, etc..),
        call(ANY, param_a=some int value, param_c=some datetime value, etc..)
    ]

    method_mock.assert_has_calls(expected_calls, any_order=True)

This succeeds in Python 2.

However, in Python 3, I get (a few new lines inserted for better formatting)

AssertionError: 'methodC' does not contain all of 

(('', <BoundArguments (self=<ANY>, param_a=1, param_b=2, param_c=datetime.datetime(2020, 1, 29, 11, 47, 11))>), ('', <BoundArguments (self=<ANY>, param_a=1, param_b=3, param_c=datetime.datetime(2020, 1, 30, 3, 47, 11))>))

in its call list, found

[('', <BoundArguments (self=<a.models.BManager object at 0x7fc95ff66fd0>, param_a=1, param_b=2, param_c=datetime.datetime(2020, 1, 29, 11, 47, 11))>), ('', <BoundArguments (self=<a.models.BManager object at 0x7fc95ff66fd0>, param_a=1, param_b=3, param_c=datetime.datetime(2020, 1, 30, 3, 47, 11))>)]

instead

The code that’s being run is:

ModelClassOfBManager.objects.methodC(param_a=1, etc)

Can anyone help me understand why this, which succeeds in Python 2, fails in Python 3? The expected calls and actual calls are exactly the same except the value for ‘self’, for which I used ANY.

Additional info: The test also passes in Python 3 if I remove “autospec=True” from the mocking and remove “ANY” from the call(). So I have a hunch that it is related to how ANY and ‘self’ work in Python 3.



#StackBounty: #django #django-views #django-urls Is there a way to get a referring URL via a custom HTTP header?

Bounty: 100

I am currently using the following function to get a referring view:

import re

def get_referer_view(request, default=None):
    referer = request.META.get('HTTP_REFERER')
    if not referer:
        return default

    # remove the protocol and split the url at the slashes
    referer = re.sub('^https?://', '', referer).split('/')
    if referer[0] != request.META.get('SERVER_NAME'):
        return default

    # add the slash at the relative path's view and finished
    referer = u'/' + u'/'.join(referer[1:])
    return referer

If I redirected the view as a result of programmatic logic, e.g…

return HttpResponseRedirect('dashboard')

…is there a way to get the referring view without using HTTP_REFERER so that I can use that variable in the redirected view? This is not always set in the headers of the browser.

Note: because the views are redirected programmatically, I can’t use POST to collect the data.

Perhaps it’s possible to set and retrieve a custom header somehow?



#StackBounty: #python #django #migration #makemigrations Reordering Initial Migration operations

Bounty: 50

Every time I try to migrate my initial migration, right after makemigrations, I get errors like:

django.db.migrations.exceptions.InvalidBasesError: Cannot resolve bases for [<ModelState: 'Project.Class'>]
This can happen if you are inheriting models from an app with migrations (e.g. contrib.auth)

The reason I think this happens is because the order of model operations in the 0001_initial.py migration is incorrect. Operations with classes which inherit from others are added before their parents’. After I reorder the operations, it works: Process finished with exit code 0. Cool! But how do I make makemigrations work without doing this every time?

Thanks!

P.S. I tried reordering the import order of my models in the model’s __init__.py but it didn’t work.



#StackBounty: #python #django #async-await #websocket Sending notifications with Django channels

Bounty: 50

I have a project on Django which uses Django Channels. I use Django Channels for sending notifications to users who are subscribed to article changes (adding/editing/deleting comments on an article).

So I’ve chosen this way of realization: every group of channels is an article, and when changes happen, the script sends a notification to the relevant groups. My code works correctly, but I have some doubts whether my choice of realization is the most appropriate for this task. I need advice: what is the best practice in my case?

Solution:

consumers.py

from channels.generic.websocket import AsyncJsonWebsocketConsumer
from channels.db import database_sync_to_async
from project.apps.account.models import UserStatus
from .models import CommentSubscribe


class CommentNotificationConsumer(AsyncJsonWebsocketConsumer):

    async def connect(self):
        await self.accept()
        if not self.scope['user'].is_anonymous:
            groups = await database_sync_to_async(self.get_users_subscription)()
            await database_sync_to_async(self.change_user_status)(True)
            await self.add_subscriptions(groups)

    async def add_subscriptions(self, groups):
        for group in groups:
            await self.channel_layer.group_add(
                'article_{0}'.format(group.article_id),
                self.channel_name
            )

    async def receive_json(self, content, **kwargs):
        command = content.get('command', None)
        article_id = content.get('article_id', None)
        if command == 'subscribe':
            await self.subscribe(article_id)
        elif command == 'unsubscribe':
            await self.unsubscribe(article_id)
        else:
            await self.send_json({
                'error': 'unknown command'
            })

    async def disconnect(self, code):
        await database_sync_to_async(self.change_user_status)(False)

    async def send_notification(self, action):
        await self.send_json(action)

    async def subscribe(self, article_id):
        await self.channel_layer.group_add(
            'article_{0}'.format(article_id),
            self.channel_name
        )

    async def unsubscribe(self, article_id):
        await self.channel_layer.group_discard(
            'article_{0}'.format(article_id),
            self.channel_name
        )

    def get_users_subscription(self):
        return CommentSubscribe.objects.filter(
            user=self.scope['user']
        )

    def change_user_status(self, online):
        return UserStatus.objects.filter(
            user=self.scope['user']
        ).update(online=online)

views.py

from .notify import send_comment_notification

class CreateComment(CreateView):

    ...

    def form_valid(self, form):
        ...
        super().form_valid(form)
        send_comment_notification('create', article_id)


class UpdateComment(UpdateView):

    ...

    def form_valid(self, form):
        ...
        super().form_valid(form)
        send_comment_notification('update', article_id)


class DeleteComment(DeleteView):

    ...

    def delete(self, request, *args, **kwargs):
        ...
        send_comment_notification('delete', article_id)

notify.py

...

def send_comment_notification(action, article_id):
    channel_layer = get_channel_layer()
    group_name = 'article_{0}'.format(article_id)
    async_to_sync(channel_layer.group_send)(
        group_name,
        {
            'type': 'send.notification',
            'data': {
                'action': action
            }
        }
    )



#StackBounty: #python #django #python-requests Passing data to Django view using Python requests

Bounty: 150

In my Django view, I’m creating a system where a user submits a form or a button. After that, my Django view sends a request to an external Python script; this script receives the request, retrieves some data about that user and sends this data as a response to the Django view, which will perform some operations with this data (show it to the user and so on). All of that is done using Python-Requests. So the external Python script works like a microservice.

I’m able to send the request, and I also managed to make my view receive the response from the external Python script; I only have a problem with authentication.

Here is how I send data to the Django view:

import json

import requests

session = requests.session()
# the views return the CSRF token as the response body, so read it as text
token = session.get('http://127.0.0.1:8000/loginview/').text

session.post('http://127.0.0.1:8000/loginview/',
             data={
                 'username': 'USER',
                 'password': 'PASSWORD',
                 'csrfmiddlewaretoken': token})

# fetch a fresh token after login before posting the data
token = session.get('http://127.0.0.1:8000/myTestView/').text
data = json.dumps({'test': 'value'})
session.post('http://127.0.0.1:8000/myTestView/',
             data={
                 'csrfmiddlewaretoken': token,
                 'data': data})

This is what happens here: a request with some credentials is sent, then the login view authenticates those credentials; if the credentials are authenticated, the data is printed by myTestView.

Here are my views:

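import json

from django.contrib.auth import authenticate, login
from django.contrib.auth.decorators import login_required
from django.http import HttpResponse, HttpResponseForbidden
from django.middleware.csrf import get_token

@login_required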
def myTestView(request):
    if request.method == 'POST':
        data = request.POST.get('data')
        print(json.loads(data))
        print('received.')

    response = HttpResponse(get_token(request))
    return response    

def login_view(request):
    if request.method == 'POST':
        username = request.POST['username']
        password = request.POST['password']
        user = authenticate(request, username=username, password=password)

        if user is not None:
            login(request, user)
            return HttpResponse('authenticated')
        else:
            return HttpResponseForbidden('wrong username or password')

    response = HttpResponse(get_token(request))
    return response

This code works; the only problem is that instead of USERNAME and PASSWORD there should be the username and the password of the user who is using the service. Since the external script sends data about user1, only user1 should read that data.

So if user1 is using the view, the username should be user1 and the password should be USER1PASS. Same if the view is used by user2 and so on.

At the current stage, to send data to a user I need to change the following code manually. Instead, I need a way to send the user’s credentials to Django. Here is the snippet involved:

session.post('http://127.0.0.1:8000/loginview/',
             data={
                 'username': 'USER',
                 'password': 'PASSWORD',
                 'csrfmiddlewaretoken': token})

I don’t know if the question was clear enough. Any advice is appreciated!
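
One way to meet the "only user1 should read user1's data" requirement without giving the external script any user's password is to have the script sign each payload for a specific username, and have the view accept it only when the signature, the age and the logged-in user all match. This is an added example, not code from the question: the shared key, function names and envelope layout are assumptions, and only the standard library is used.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: a secret known to both the script and the Django project,
# loaded from the environment in practice. Constructed value for the demo.
SHARED_KEY = b"constructed-demo-key-not-for-production"
MAX_AGE_SECONDS = 60


def _b64(raw):
    return base64.urlsafe_b64encode(raw).decode("ascii")


def sign_payload(username, data, key=SHARED_KEY, now=None):
    """Script side: wrap data meant for one user in a signed envelope."""
    issued = int(now if now is not None else time.time())
    body = json.dumps(
        {"user": username, "iat": issued, "data": data},
        sort_keys=True, separators=(",", ":"),
    ).encode("utf-8")
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)


def verify_payload(token, session_username, key=SHARED_KEY, now=None):
    """View side: return the data, or None if any check fails."""
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except (ValueError, TypeError):
        return None
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    envelope = json.loads(body)  # safe to parse: the signature was valid
    now = now if now is not None else time.time()
    if not 0 <= now - envelope["iat"] <= MAX_AGE_SECONDS:
        return None  # too old, or issued in the future
    if envelope["user"] != session_username:
        return None  # payload was issued for a different user
    return envelope["data"]


if __name__ == "__main__":
    token = sign_payload("user1", {"test": "value"})
    print(verify_payload(token, "user1"))  # data for the matching user
    print(verify_payload(token, "user2"))  # None
```

In the Django view, `session_username` would be `request.user.username`, so the browser session still decides who is logged in and the script never handles a password.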



#StackBounty: #django #tox #python-poetry How can I get tox and poetry to work together to support testing multiple versions of a Pytho…

Bounty: 100

I am switching a project that currently uses pipenv to poetry as a test to see what the differences are. The project is a simple, redistributable, Django app. It supports Python 3.6-8, and Django 2.2 and 3.0. I have a tox.ini file that covers all combinations of Python and Django thus:

[tox]
envlist = py{36,37,38}-django{22,30}

[testenv]
whitelist_externals = poetry
skip_install = true

deps =
    django22: Django==2.2
    django30: Django==3.0

commands =
    poetry install -vvv
    poetry run pytest --cov=my_app tests/
    poetry run coverage report -m

The problem that I am having (which does not exist in the pipenv world) is that the poetry install statement will always overwrite whatever is in the deps section with whatever is in the poetry.lock file (which will be auto-generated if it does not exist). This means that the test matrix will never test against Django 2.2 – as each tox virtualenv gets Django 3.0 installed by default.

I don’t understand how this is supposed to work – should installing dependencies using poetry respect the existing environment into which it is being installed, or not?

So – my question is – how do I set up a multi-version tox (or travis) test matrix, with poetry as the dependency manager?

My pyproject.toml defines Python / Django versions as:

[tool.poetry.dependencies]
python = "^3.6"
django = "^2.2 || ^3.0"

The generated poetry.lock file (not committed) has this Django version information:

[[package]]
category = "main"
description = "A high-level Python Web framework that encourages rapid development and clean, pragmatic design."
name = "django"
optional = false
python-versions = ">=3.6"
version = "3.0"

UPDATE: include clean tox output

This is the result when I delete the lock file, and recreate the tox environment. As you can see, tox installs Django==2.2 as a dependency in the virtualenv, but poetry then updates this to 3.0 when it installs.

I need a solution that runs the poetry install, respecting existing package installs. i.e. if pyproject.toml states Django = "^2.2 || ^3.0", and 2.2 is already installed, then pin to that version – don’t attempt to upgrade.

my-app$ tox -r -e py36-django22
py36-django22 recreate: .tox/py36-django22
py36-django22 installdeps: Django==2.2
py36-django22 installed: Django==2.2,my-app==0.1.0,pytz==2019.3,sqlparse==0.3.0
py36-django22 run-test: commands[0] | poetry install -vvv
Using virtualenv: .tox/py36-django22
Updating dependencies
Resolving dependencies...
   1: derived: django (^2.2 || ^3.0)
   ...
PyPI: 10 packages found for django >=2.2,<4.0
   ...
   1: Version solving took 3.330 seconds.
   1: Tried 1 solutions.

Writing lock file

Package operations: 52 installs, 1 update, 0 removals, 3 skipped

  - ...
  - Updating django (2.2 -> 3.0)
  - ...



#StackBounty: #docker #django #uwsgi uWSGI can't load config in Docker

Bounty: 100

I have a weird problem, which is probably related to my Dockerfile, but I fail to see it – I’ve tried different settings, but nothing helps. Here is my uwsgi.ini file:

[uwsgi]
strict = true

socket = 0.0.0.0:8000
protocol = http

module = my_django_project.wsgi
env = DJANGO_SETTINGS_MODULE=my_django_project.settings

master = true
enable-threads = true
vacuum = true
single-interpreter = true
die-on-term = true
need-app = true

harakiri = 60

max-requests = 1000
max-worker-lifetime = 3600
reload-on-rss = 2048
worker-reload-mercy = 60

cheaper-algo = busyness
processes = 128
cheaper = 8
cheaper-initial = 16
cheaper-overload = 1
cheaper-step = 16

cheaper-busyness-multiplier = 30
cheaper-busyness-min = 20
cheaper-busyness-max = 70
cheaper-busyness-backlog-alert = 16
cheaper-busyness-backlog-step = 2

static-map = /static=/static
route = ^/healthz/?$ donotlog:
route = ^/metrics/?$ donotlog:

# spooler setup
spooler = ./spooler
spooler-processes = 2
spooler-frequency = 10

When I install all modules on my VM (CentOS) in the Python virtual environment and run uwsgi --ini uwsgi.ini, everything works fine and I can see the following message in the console output:

*** dumping internal routing table ***
[rule: 0] subject: path_info regexp: ^/healthz/?$ action: donotlog:
[rule: 1] subject: path_info regexp: ^/metrics/?$ action: donotlog:
*** end of the internal routing table ***

Now, if I run exactly the same in Docker, I get the following error:

web_1_c2d4cafeeae0 | [uWSGI] getting INI configuration from uwsgi.ini
web_1_c2d4cafeeae0 | [strict-mode] unknown config directive: route

Here is my Dockerfile:

FROM python:3.7.5-alpine3.10

RUN set -ex && \
    apk update && \
    apk add postgresql-dev \
            gcc \
            make \
            python3-dev \
            musl-dev \
            linux-headers \
            libffi-dev \
            libxslt-dev \
            python-dev \
            libxml2 \
            libxml2-dev \
            py3-lxml && \
    pip install --upgrade pip && \
    mkdir /sources

COPY . /sources
WORKDIR /sources

RUN pip install uwsgi==2.0.18 && pip install -e . && python manage.py collectstatic --noinput

EXPOSE 8000

CMD ["uwsgi", "--ini", "uwsgi.ini"]

I’ve tried different base images and different versions of uwsgi (I got the same in virtual env, so it shouldn’t be the case).

The application works perfectly fine if I remove the two route directives, but I need them since they are polluting my logs.

Why doesn’t uwsgi work as expected in Docker?

