We Keep Coding

Django rest raising error "The submitted data was not a file. Check the encoding type on the form." to angualar Http Client

The are any solutions to the problem but m not able to find the root cause and also to mention no of the solution is working in my case.
What I am trying to do is to upload a file to Django rest API from a angular Http Client Service.
I am taking up the input form the user passing to the service at the end I have declared a type specific for the type of model I am creating an object for but I am not getting the same error again and again.
I read some where that Django file uploader doesn't understand some char-set format but I still can't understand whats wrong with it.
var report = <CompleteReport> {
title:'heelo',
description:'sdfsdfs',
author: 'report',
article_upload_images: [uuid4(),],
presentation_upload_images: [uuid4(),],
report_article: article_object,
report_image: image_object,
report_podcast: podcast_object,
report_presentation: presentation_object,
report_video: video_object
};
let headers = new HttpHeaders({
'Accept': 'application/json'
});
let options = {headers: headers};
return this.http.post<any>(url, report, options)

How to add a bunch of defaults to python/django logging

I would like to add in the following for every log entry:
user
request_method
status
The only way I've seen to be able to do this is a bit of a hackish way, which is to pass them as args, because that's picked up by the django formatter (I don't see any place where you can pass kwargs -- https://docs.python.org/3/library/logging.html#formatter-objects). Here's an example:
log.info("hi", {"user": str(request.user)})
And the following formatter:
'format': '{"message": "%(message)s", "extra": "%(args)s"}',
When I parse the log I do something like this:
info = {
'message': message
}
data = ast.literal_eval(extra)
for k,v in extra.items():
info[k] = v
It seems pretty ghetto -- is there a better way to do this, for example, a way to get the kwargs in the formatter? When I try doing something like:
log.info("hi", extra = {"user": str(request.user)})
It either errors, or doesn't pass in the args (obviously).

I would do it by linking the request to the current thread of execution. Here's an example of how to do this:
https://nedbatchelder.com/blog/201008/global_django_requests.html
Then you can use get_request() in your logging handler to get the request, from which you can get the user. (I'm not sure what you mean by "status")

django-push-notification 401 unauthorised

I am trying to setup push notifications using the django-push-notifications, I have copied most of the code from the example. I have a button that calls the enablePushNotifications() function:
export function enablePushNotifications() {
console.log("enabling push notifications...");
if (!'serviceWorker' in navigator){
console.log("Push notifications not supported");
return;
}
navigator.serviceWorker.ready.then(
(registration)=>{
registration.pushManager.subscribe({
userVisibleOnly: true
}).then(
(sub)=>{
console.log(sub);
let endpointParts = sub.endpoint.split("/");
let registration_id = endpointParts[endpointParts.length - 1];
let data = {
'browser': loadVersionBrowser(navigator.userAgent).name.toUpperCase(),
'p256dh': btoa(String.fromCharCode.apply(null, new Uint8Array(sub.getKey('p256dh')))),
'auth': btoa(String.fromCharCode.apply(null, new Uint8Array(sub.getKey('auth')))),
'registration_id': registration_id,
'endpoint': sub.endpoint,
};
request(
"/api/subscribe",
data
)
}
).catch(
(error)=>console.error(error)
)
}
)
}
When I open the networking tab I don't see anything strange about the passed properties or headers. Specifically the browser value is correct. The implementation for the /api/subscribe URL is as follows:
import push_notifications.models as pushmodels
def registerPush(request):
data = requestFormatting.get_data(
request
)
device = pushmodels.WebPushDevice(
name=request.user.username,
active=True,
user=request.user,
registration_id=data["registration_id"],
p256dh=data["p256dh"],
auth=data["auth"],
browser=data["browser"]
)
device.save()
device.send_message("hello")
Calling this function raises a PushError: Push failed: 401 Unauthorized. I have tested on both chrome and firefox, both give the same error. I specify my FCM_API_KEY in settings, nothing else. I do not currently use VAPID, though I plan to in the future. I have tried various variations of the code, but nothing seems to work. The documentation is unclear on how to actually initialize devices, and I only picked a WebPushDevice objects since it seems to contain similar attributes as the data provided in the example.
This is my first time trying to use web push, so a little help would be much appreciated!

Using Python-social-auth the social-user is not being set in the pipeline

AttributeError at /complete/google-oauth2/
'NoneType' object has no attribute 'provider'
This happens with a new or already registered user at this line https://github.com/omab/python-social-auth/blob/master/social/actions.py#L69 and is a new problem. It appeared when I was playing around with a custom pipeline but it worked before, now reverting to the most basic python-social-auth set up doesn't work.
Even with a reloaded database and a refreshed syncdb. (This is Django 1.4.20, an old project we're upgrading).
The problem is clear, wherever in the default pipeline the social-user is meant to be set on user is not working, but I don't understand the python-social-auth code well enough and am going around in circles here. Any pointers or help would be much appreciated here.
The 500 that appears in my stack trace in case it's any help.
[23/Jul/2015 12:00:32] "GET /complete/google-oauth2/?state=MRFnOQG6Cv5Cmb1xqdcp53C33dDrFf7C&code=4/2bgjgYgxFtqB2c10BInigkigGfy4ZNOSYBqyHBUdLGo&authuser=0&prompt=consent&session_state=4c6c24bdd3100a506c4744be8ab9b793ed6399d5..a5f9 HTTP/1.1" 500 148571
This is the data that the code chokes on, it's obviously because some previous part of the pipeline doesn't put the "social_user" into user. But I don't know where it would be failing to do that, does someone more familiar with this have any suggestions where the default pipeline might fail?
partial None
is_authenticated False
args ()
is_new False
redirect_value ''
user <User: 4o5bb5o5>
social_user None
kwargs {}
login <function _do_login at 0xaef3de9c>
backend <social.backends.google.GoogleOAuth2 object at 0x9e68fac>
data <QueryDict: {u'state': [u'dwMOHkBxsVgvj4mwL54LXqihzJVYMWTV'], u'code': [u'4/fjOVlVyAK5mS_mcv7uHVWQsFycpjlbB_YOy4F7omIIY'], u'prompt': [u'none'], u'session_state': [u'ab65081ee8e4a3720d5963deced4cabc7b259a85..8f10'], u'authuser': [u'0']}>
redirect_name
'next'
When I then navigate to the home page I'm logged in fine with the gmail account. (Although some of the post_save functions that are meant to happen after create_user don't trigger, but I assume that's cos it crashed in the middle of the pipeline). Then when I log out and back in again it crashes again on the same page.

May be too late but this will help others.
I have used this in my custom app.
As shown here,
ID_KEY is set None
And here I saw with pdb ID_KEY is set id. Naturally this framework is expecting id as one of the key in response from server during user_data.
This is my custom backend looks like,
class CustomOAuth2(BaseOAuth2):
"""Custom OAuth authentication backend"""
name = 'Custom'
ID_KEY = 'email' #<===== SET THIS TO UNIQUE ATTRIBUTE IF ID IS NOT RETURNED
AUTHORIZATION_URL = 'https://auth.Custom.org/oauth2/authorize'
ACCESS_TOKEN_URL = 'https://auth.Custom.org/oauth2/token'
ACCESS_TOKEN_METHOD = 'POST'
REVOKE_TOKEN_URL = '= https://auth.Custom.org/oauth2/revoke'
REVOKE_TOKEN_METHOD = 'POST'
USER_DATA_URL = "https://api.Custom.org/user/"
SCOPE_SEPARATOR = ','
def get_user_details(self, response):
"""Return user details from Custom account"""
return {'username': response.get('login'),
'email': response.get('email') or '',
'first_name': response.get('name')}
def user_data(self, access_token, *args, **kwargs):
"""Loads user data from service"""
try:
headers = {'Authorization': 'Bearer %s' %access_token}
headers['Accept'] = 'application/json'
response = requests.get(self.USER_DATA_URL, headers=headers)
d = json.loads(response.content)
return d
except ValueError:
return None

I got it working by commenting the lines 68 and 69 from actions.py that were causing the problem. I know this is not a solution, but if you need to get it working this can be some kind of a workaround

How do you use cookies and HTTP Basic Authentication in CherryPy?

I have a CherryPy web application that requires authentication. I have working HTTP Basic Authentication with a configuration that looks like this:
app_config = {
'/' : {
'tools.sessions.on': True,
'tools.sessions.name': 'zknsrv',
'tools.auth_basic.on': True,
'tools.auth_basic.realm': 'zknsrv',
'tools.auth_basic.checkpassword': checkpassword,
}
}
HTTP auth works great at this point. For example, this will give me the successful login message that I defined inside AuthTest:
curl http://realuser:realpass#localhost/AuthTest/
Since sessions are on, I can save cookies and examine the one that CherryPy sets:
curl --cookie-jar cookie.jar http://realuser:realpass#localhost/AuthTest/
The cookie.jar file will end up looking like this:
# Netscape HTTP Cookie File
# http://curl.haxx.se/rfc/cookie_spec.html
# This file was generated by libcurl! Edit at your own risk.
localhost FALSE / FALSE 1348640978 zknsrv 821aaad0ba34fd51f77b2452c7ae3c182237deb3
However, I'll get an HTTP 401 Not Authorized failure if I provide this session ID without the username and password, like this:
curl --cookie 'zknsrv=821aaad0ba34fd51f77b2452c7ae3c182237deb3' http://localhost/AuthTest
What am I missing?
Thanks very much for any help.

So, the short answer is you can do this, but you have to write your own CherryPy tool (a before_handler), and you must not enable Basic Authentication in the CherryPy config (that is, you shouldn't do anything like tools.auth.on or tools.auth.basic... etc) - you have to handle HTTP Basic Authentication yourself. The reason for this is that the built-in Basic Authentication stuff is apparently pretty primitive. If you protect something by enabling Basic Authentication like I did above, it will do that authentication check before it checks the session, and your cookies will do nothing.
My solution, in prose
Fortunately, even though CherryPy doesn't have a way to do both built-in, you can still use its built-in session code. You still have to write your own code for handling the Basic Authentication part, but in total this is not so bad, and using the session code is a big win because writing a custom session manager is a good way to introduce security bugs into your webapp.
I ended up being able to take a lot of things from a page on the CherryPy wiki called Simple authentication and access restrictions helpers. That code uses CP sessions, but rather than Basic Auth it uses a special page with a login form that submits ?username=USERNAME&password=PASSWORD. What I did is basically nothing more than changing the provided check_auth function from using the special login page to using the HTTP auth headers.
In general, you need a function you can add as a CherryPy tool - specifically a before_handler. (In the original code, this function was called check_auth(), but I renamed it to protect().) This function first tries to see if the cookies contain a (valid) session ID, and if that fails, it tries to see if there is HTTP auth information in the headers.
You then need a way to require authentication for a given page; I do this with require(), plus some conditions, which are just callables that return True. In my case, those conditions are zkn_admin(), and user_is() functions; if you have more complex needs, you might want to also look at member_of(), any_of(), and all_of() from the original code.
If you do it like that, you already have a way to log in - you just submit a valid session cookie or HTTPBA credentials to any URL you protect with the #require() decorator. All you need now is a way to log out.
(The original code instead has an AuthController class which contains login() and logout(), and you can use the whole AuthController object in your HTTP document tree by just putting auth = AuthController() inside your CherryPy root class, and get to it with a URL of e.g. http://example.com/auth/login and http://example.com/auth/logout. My code doesn't use an authcontroller object, just a few functions.)
Some notes about my code
Caveat: Because I wrote my own parser for HTTP auth headers, it only parses what I told it about, which means just HTTP Basic Auth - not, for example, Digest Auth or anything else. For my application that's fine; for yours, it may not be.
It assumes a few functions defined elsewhere in my code: user_verify() and user_is_admin()
I also use a debugprint() function which only prints output when a DEBUG variable is set, and I've left these calls in for clarity.
You can call it cherrypy.tools.WHATEVER (see the last line); I called it zkauth based on the name of my app. Take care NOT to call it auth, or the name of any other built-in tool, though .
You then have to enable cherrypy.tools.WHATEVER in your CherryPy configuration.
As you can see by all the TODO: messages, this code is still in a state of flux and not 100% tested against edge cases - sorry about that! It will still give you enough of an idea to go on, though, I hope.
My solution, in code
import base64
import re
import cherrypy
SESSION_KEY = '_zkn_username'
def protect(*args, **kwargs):
debugprint("Inside protect()...")
authenticated = False
conditions = cherrypy.request.config.get('auth.require', None)
debugprint("conditions: {}".format(conditions))
if conditions is not None:
# A condition is just a callable that returns true or false
try:
# TODO: I'm not sure if this is actually checking for a valid session?
# or if just any data here would work?
this_session = cherrypy.session[SESSION_KEY]
# check if there is an active session
# sessions are turned on so we just have to know if there is
# something inside of cherrypy.session[SESSION_KEY]:
cherrypy.session.regenerate()
# I can't actually tell if I need to do this myself or what
email = cherrypy.request.login = cherrypy.session[SESSION_KEY]
authenticated = True
debugprint("Authenticated with session: {}, for user: {}".format(
this_session, email))
except KeyError:
# If the session isn't set, it either wasn't present or wasn't valid.
# Now check if the request includes HTTPBA?
# FFR The auth header looks like: "AUTHORIZATION: Basic <base64shit>"
# TODO: cherrypy has got to handle this for me, right?
authheader = cherrypy.request.headers.get('AUTHORIZATION')
debugprint("Authheader: {}".format(authheader))
if authheader:
#b64data = re.sub("Basic ", "", cherrypy.request.headers.get('AUTHORIZATION'))
# TODO: what happens if you get an auth header that doesn't use basic auth?
b64data = re.sub("Basic ", "", authheader)
decodeddata = base64.b64decode(b64data.encode("ASCII"))
# TODO: test how this handles ':' characters in username/passphrase.
email,passphrase = decodeddata.decode().split(":", 1)
if user_verify(email, passphrase):
cherrypy.session.regenerate()
# This line of code is discussed in doc/sessions-and-auth.markdown
cherrypy.session[SESSION_KEY] = cherrypy.request.login = email
authenticated = True
else:
debugprint ("Attempted to log in with HTTBA username {} but failed.".format(
email))
else:
debugprint ("Auth header was not present.")
except:
debugprint ("Client has no valid session and did not provide HTTPBA credentials.")
debugprint ("TODO: ensure that if I have a failure inside the 'except KeyError'"
+ " section above, it doesn't get to this section... I'd want to"
+ " show a different error message if that happened.")
if authenticated:
for condition in conditions:
if not condition():
debugprint ("Authentication succeeded but authorization failed.")
raise cherrypy.HTTPError("403 Forbidden")
else:
raise cherrypy.HTTPError("401 Unauthorized")
cherrypy.tools.zkauth = cherrypy.Tool('before_handler', protect)
def require(*conditions):
"""A decorator that appends conditions to the auth.require config
variable."""
def decorate(f):
if not hasattr(f, '_cp_config'):
f._cp_config = dict()
if 'auth.require' not in f._cp_config:
f._cp_config['auth.require'] = []
f._cp_config['auth.require'].extend(conditions)
return f
return decorate
#### CONDITIONS
#
# Conditions are callables that return True
# if the user fulfills the conditions they define, False otherwise
#
# They can access the current user as cherrypy.request.login
# TODO: test this function with cookies, I want to make sure that cherrypy.request.login is
# set properly so that this function can use it.
def zkn_admin():
return lambda: user_is_admin(cherrypy.request.login)
def user_is(reqd_email):
return lambda: reqd_email == cherrypy.request.login
#### END CONDITIONS
def logout():
email = cherrypy.session.get(SESSION_KEY, None)
cherrypy.session[SESSION_KEY] = cherrypy.request.login = None
return "Logout successful"
Now all you have to do is enable both builtin sessions and your own cherrypy.tools.WHATEVER in your CherryPy configuration. Again, take care not to enable cherrypy.tools.auth. My configuration ended up looking like this:
config_root = {
'/' : {
'tools.zkauth.on': True,
'tools.sessions.on': True,
'tools.sessions.name': 'zknsrv',
}
}