Re: tutorial site refers to a module which does not exist

2017-11-04 Thread knbk
Hi, What version of Django are you using? Starting in 1.9, the startapp command definitely creates an apps.py with a PollsConfig class, so you're likely using an older version of Django. You can either upgrade Django to 1.11 or use the tutorial for whichever version you have installed. Marte

Re: Is CSRF middleware to be taken seriously (from a XSRF point of view)?

2018-01-16 Thread knbk
s entirely. I hope this gives you a better understanding of how CSRF protection works in Django. If you have any more questions feel free to ask here or on IRC (nick: knbk). Marten [1] https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#Double_Subm

Re: Is CSRF middleware to be taken seriously (from a XSRF point of view)?

2018-01-16 Thread knbk
How does using nginx protect against CSRF attacks? Marten On Tuesday, January 16, 2018 at 10:49:21 AM UTC+1, Etienne Robillard wrote: > > A much more practical way to improve security against XSRF attacks is > using nginx. > > Regards, > > Etienne > > Le 2018-01-16 à 04:38, James Bennett a écrit

Re: Is CSRF middleware to be taken seriously (from a XSRF point of view)?

2018-01-16 Thread knbk
go's CSRF middleware does provide protection for the remaining 40%. Marten [1] https://caniuse.com/#search=samesite On Tuesday, January 16, 2018 at 6:19:17 PM UTC+1, Etienne Robillard wrote: > > See this: https://www.owasp.org/index.php/SameSite > > Cheers, > > Etie

Re: (Another) Authentication Question

2016-04-23 Thread knbk
Hi Jason, Your form inputs in the login form are missing a name attribute, so the data you input into the form won't be sent to the server on submit. Without any data, the form is invalid, and is redisplayed. If you add the correct name attribute to the input tags, your form should work as expe

Re: [django1.9] Url template tag, dotted path and decorator

2016-04-24 Thread knbk
In order to reverse a view by its dotted path, Django needs to know the actual path of the function. It uses the magic view.__module__ and view.__name__ attributes to determine the name. If your decorator doesn't copy these attributes from the inner function to the decorated function, Django do

Re: New to Django (stuck at the end of the tutorial)

2016-04-26 Thread knbk
Since 1.9, admin.site.urls is a special case, and you should not use include(). If you do, you'll trigger some deprecation warnings due to changes to include(). On Tuesday, April 26, 2016 at 6:33:40 PM UTC+2, Nikhil Beniwal wrote: > > The Problem is in your line 21. > > admin.site.urls should

Re: Strange named parameter passing style

2016-12-15 Thread knbk
Python 2 does not support named arguments after *fields, and raises a SyntaxError. As long as Django supports Python 2, we're stuck with the current approach. I'm sure the new style will be used once Python 2 support is dropped. On Thursday, December 15, 2016 at 1:40:02 PM UTC+1, Alexey Gerasim

Re: Questions on Django queryset iterator - wrt select_related and prefetch_related and how it works

2017-03-17 Thread knbk
Django uses client-side cursors. 1.11, which is currently in beta, switches to server-side cursors on PostgreSQL [1], but other databases still use client-side cursors. When a client-side cursor executes a query, it loads all results in memory before the results can be accessed. But that's just

Re: ORM for structured Logs

2017-04-06 Thread knbk
Hi Thomas, The primary purpose of logging is to catch and examine errors. If something went wrong, you want to know *when *and *why*. Logging to a database increases the complexity and greatly increases the number of things that can go wrong. The last thing you want to find out when retracing a

Re: vs {{ form }}

2017-05-16 Thread knbk
On Tuesday, May 16, 2017 at 9:51:07 AM UTC+2, guettli wrote: > > > This is a basic fact, and AFAIK this basic question is not solved yet. > > {{ form }} * vs * {{ form }} > That question is actually answered by the documentation

Re: Same tutorial different day

2017-06-06 Thread knbk
You should move the `polls/` subdirectory to the outer `mysite/` directory, rather than the inner `mysite/mysite/` directory. The tutorial does actually say this, but admittedly it's easy to miss: Your apps can live anywhere on your Python path >

Re: A lot of Problems with Migrating (conceptual)

2017-08-18 Thread knbk
There are various reasons why you should never execute queries at startup. One you've seen: it makes it impossible to migrate a new database. Other reasons include that the choices are cached and are only renewed when the server restarts, and that when running tests, the query is executed before

Re: List of available Jinja2 global symbols

2015-11-22 Thread knbk
I don't believe there's a list in the documentation, but you can get them from the source code at https://github.com/django/django/blob/master/django/template/backends/jinja2.py#L66 : if request is not None: context['request'] = request context['csrf_input'] = csrf_input_lazy(request)

Re: AttributeError: 'RegexURLResolver' object has no attribute '_urlconf_module'

2015-11-23 Thread knbk
Python 3 displays the original exception alongside the new exception when a new exception occurs in an except block. The AttributeError is expected, so this doesn't tell you anything about what goes wrong. The second error occurs when importing `self.urlconf_name`. The traceback should point you

Re: Problem with login and register form

2015-11-25 Thread knbk
It's a good idea to use render() instead of render_to_response(), see https://docs.djangoproject.com/en/1.8/topics/http/shortcuts/#render. That will fix the issue with the CSRF token. render() takes the request as the first argument, and uses a RequestContext. This is needed to run the context

Re: Timezone import error

2015-11-29 Thread knbk
Hi Ahmed, When an error happens in an expect: block, python 3 shows the original error caught by the try/expect block, as well as the new error. In this case, the ImportError is the original error, and it's nothing you should worry about: Django catches it and handles it accordingly. Admittedly

Re: How to write Model.get_absolute_url()?

2015-12-07 Thread knbk
Namespaces are a mess, and have been for a while. 1.9 cleans this up a bit. Some advice for 1.8 to stay in line with the 1.9 changes: - Always define an application namespace when using an instance namespace. - An app shouldn't depend on the project's url configuration, so always us

Re: How to write Model.get_absolute_url()?

2015-12-07 Thread knbk
> > It seems a bit weird that that's not automatic. > That's what I thought, so it's automatic in 1.9. That still leaves the question of what Model.get_absolute_url() should do, > given that it has no way to get the current app that I can see. Thank you > for your very helpful comments though.

Re: SyntaxError: invalid syntax when installing Django from pip

2015-12-09 Thread knbk
This is an issue with setuptools 5.5.x. It is safe to ignore, or you can upgrade setuptools by upgrading pip: pip install -U pip On Wednesday, December 9, 2015 at 11:47:42 AM UTC+1, Chethan Kumar R wrote: > > Hi, all > > Im new to django, just now installed django through pip and got below > syn

Re: a bug in model.Manager.values_list?

2015-12-12 Thread knbk
Models and querysets are not serializeable using the default `json` tools, but Django provides its own set of tools that allow you to serialize models and querysets. Take a look at serializing django objects

Re: not clear about the name= part of url rooting

2015-12-13 Thread knbk
Django allows you to reconstruct urls with the reverse() function and {% url %} template tag. You can reverse the url for a view by passing the view function itself, but this is not very practical. By setting a name for a view, you can reverse the url by referencing this name instead. This allow

Re: application not recognized as URL namespace

2015-12-14 Thread knbk
Hi Axel, An installed application and a registered URL namespace are two distinct concepts. A URL namespace can only be defined by setting the app_name attribute in your urlconf. In this case, you haven't set a URL namespace for your authentication app, so your urls are not namespaced. Also, t

Re: application not recognized as URL namespace

2015-12-14 Thread knbk
Could you show your full root urls.py and authentication/urls.py? On Monday, December 14, 2015 at 3:22:14 PM UTC+1, axel...@chaos1.de wrote: > > Thanks for taking the time, > > > Am 14.12.2015 um 14:06 schrieb knbk >: > > Hi Axel, > > An installed application and

Re: application not recognized as URL namespace

2015-12-14 Thread knbk
reverse(). You should be able to reverse the url with: reverse('authentication:password_change') On Monday, December 14, 2015 at 3:53:24 PM UTC+1, axel...@chaos1.de wrote: > > > Am 14.12.2015 um 15:29 schrieb knbk >: > > Could you show your full root urls.py and authentica

Re: ModelForm.is_valid() doesn't work the first time but does the second

2016-01-03 Thread knbk
>>> uf = UsersForm(u) Here you are passing the user instance as if it were the POST data. The form expects a dictionary or None as the first argument. `form.is_bound` simply checks `data is not None`, which is True in this case. If you want a bound form, you should pass a dictionary with the

Re: ImportError: No module named security

2016-01-04 Thread knbk
Seems like you have SecurityMiddleware in your middleware settings, which wasn't added until 1.8. If you started your project on 1.8+. your default settings file would include the new middleware and cause this error on 1.7. On Tuesday, January 5, 2016 at 2:56:51 AM UTC+1, Gary Roach wrote: > >

Re: empty request object

2016-02-27 Thread knbk
The `__repr__` method on HttpRequest was simplified in 1.9[1]. It is not an accurate description of what is actually contained in the request, and I doubt it has anything to do with the actual issues you're facing. [1] https://docs.djangoproject.com/en/1.9/releases/1.9/#httprequest-details-in-

Re: empty request object

2016-02-27 Thread knbk
21:18 PM UTC+1, larry@gmail.com wrote: > > On Sat, Feb 27, 2016 at 5:14 PM, knbk > > wrote: > > The `__repr__` method on HttpRequest was simplified in 1.9[1]. It is not > an > > accurate description of what is actually contained in the request, and I > &

Re: empty request object

2016-02-29 Thread knbk
g me away from > > that red herring. But it seems request.user no longer exists. > > > > There is code that does this: > > > > if request.user.is_authenticated(): > > > > which throws: > > > > AttributeError: "'WSGIRequest'

Re: Problem with create new instance

2016-03-09 Thread knbk
Any reason you're not using `manage.py shell`? It automatically loads the Django environment, and supports IPython. On Wednesday, March 9, 2016 at 7:35:45 PM UTC+1, Dariusz Mysior wrote: > > Ok I have it. I put it to starting scripts > > W dniu środa, 9 marca 2016 18:48:15 UTC+1 użytkownik Dariu

Re: Getting NoReverseMatch at /logout/

2016-03-28 Thread knbk
On Monday, March 28, 2016 at 7:23:22 PM UTC+2, James Schneider wrote: > > That's not entirely accurate. It is perfectly valid to assign a name to an > included set of URL's. This creates a namespace for the URL's that are > being included. See here: > Actually, the name parameter is completely