python - Django QueryDict empty with request.POST but populated in request.GET -

-

short version: on django site, can grab values request.get not request.post in response request twilio. suspect has csrf, i'm not sure how debug problem. details below.

long version: helping friend project running medical survey on sms using twilio rest api. had domain , bare-bones django-built site on domain, had built better familiarize myself django, we're using that.

we're collecting sms responses our survey , part of twilio api, sends response our number url specified under account, have response targeting following:

...mydomain.com/some_page/another_page/

the twilio request looks following:

...mydomain.com/some_page/another_page/?accountsid=###some_long_account_side&from=%2bphone_number&body=bla+bla+bla+bla&smssid=##message_id_key&smsmessagesid=##message_id_key&fromcity=santa+cruz&fromstate=california...

working code

i testing incoming request has our accountsid inside (compared value in database) , in views.py app, have looks following (and works):

from our_app import twilioaccount our_account = twilioaccount.objects.get(id=1)  def twilio_response(request):     assert request.get.get('accountsid', none) == our_account.account_sid     ## log incoming request database under survey responses...

non-working code

if log-in our twilio account , switch request method post, , switch of my data collecting request.post, above assert statement fails. further debugging reveals querydict empty under post, post: {}, there no key value grabbed.

i thought maybe because post under django requires csrf_token, figured checking accountsid good, imported csrf_exempt , wrapped above function that:

@csrf_exempt def twilio_response(request):     assert request.post.get('accountsid', none) == our_account.account_sid     ## log incoming request database under survey responses...  assertionerror: ...

this not work exact same request: querydict empty.

questions:

1) there else need make @csrf_exempt work? alternate question: is terrible , dumb way this? how people satisfy requirement when working other company's apis , not actual, logged-in users?

1a) instead of making csrf_exempt, keep get request, knowing it's still checking incoming requests against our account_sid. should or naive way it?

2) eager learn best way this: should build django form , route request form , test validity , clean data way? if so, can give me loose outline on view/form (complete csrf_token) when there's not going template form?

matt twilio developer evangelist team here.

1) wrapping twilio_response function @csrf_exempt remove django csrf token check right way go here. twilio not generate django csrf token. instead, there other ways validate posts coming twilio, such signature validation x-twilio-signature header. see twilio security docs details.

1a) using request convenient testing , debugging, post should used in production. requests not have body according http spec, results passed in query string. if parameters large, example text message has maximum length of 1600 characters, query string in url exceed maximum length of url , potentially cause issues when handle string.

2) django forms way go use case, particularly modelform leverages existing model used save response. example, modelform following if saving data twiliomessage model:

from django.forms import modelform .models import twiliomessage   class messageform(modelform):     pass      class meta:         model = reactionevent         # include fields you're saving form here         fields = ['body', 'to', 'from_', 'signature',]

Comments

Post a Comment

Popular posts from this blog

ios - UICollectionView Self Sizing Cells with Auto Layout -

-
Image
i'm trying self sizing uicollectionviewcells working auto layout, can't seem cells size content. i'm having trouble understanding how cell's size updated contents of what's inside cell's contentview. here's setup i've tried: custom uicollectionviewcell uitextview in contentview. scrolling uitextview disabled. the contentview's horizontal constraint is: "h:|[_textview(320)]", i.e. uitextview pinned left of cell explicit width of 320. the contentview's vertical constraint is: "v:|-0-[_textview]", i.e. uitextview pinned top of cell. the uitextview has height constraint set constant uitextview reports fit text. here's looks cell background set red, , uitextview background set blue: i put project i've been playing on github here . updated ios 9 after seeing github solution break under ios 9 got time investigate issue fully. have updated repo include several examples of different configurations s
Read more

node.js - ldapjs - write after end error -

-
i have created authentication service using following code in node.js , ldapjs. var when = require ('when'); var authenticationerror = require('../errors/authenticationerror'); var sessionmanagerservice = require('./sessionmanagerservice'); var ldap = require('ldapjs'); var client = ldap.createclient({ url: 'ldaps://ad.mycompany.com:636', tlsoptions: {'rejectunauthorized': false} }); module.exports = { signin: function (email, password) { return this.ldapbind(email, password).then( function () { return sessionmanagerservice.createsessionhash({email: email}); } ); }, ldapbind: function (email, password) { var deferred = when.defer(); client.bind(email, password, function(err) { if (err) { deferred.reject (new authenticationerror('invalid username and/or password!', 'authentication.signin.error')
Read more

DOM Manipulation in Wordpress (and elsewhere) using php -

-
DOM Manipulation in Wordpress (and elsewhere) using php - i'm quite new dom manipulation world , head start in order avoid mutual errors. i looking efficient way manipulate content generated wordpress using php. @ moment using simple html dom seems work fine. found domdocument , few others , helpfull if cleared out 1 faster, improve or @ to the lowest degree generate less errors in case of bad markup. also on side can explain syntax (instead of $html @$html) thank much php wordpress domdocument simple-html-dom
Read more