Feeds

My Akademy Plans

Planet KDE - Mon, 2017-05-22 05:21

The Akademy programme (saturday, sunday) is actually pretty long; the conference days stretch into feels-like-evening to me. Of course, the Dutch are infamous for being “6pm at the dinner table, and eat potatoes” so my notion of evening may not match what works on the Mediterranean coast. Actually, I know it doesn’t since way back when at a Ubuntu Developer Summit in Sevilla it took some internal-clock-resetting to adjust to dinner closer to midnight than 18:00.

Foreseen clock-adjustment difficulties aside, I have a plan for Akademy.

  • Attend a bunch of talks. Telemetry / User Feedback sounds like a must-see for me, and lightning talks, and Input Methods is something I know nothing about and should (hey, my work-work application is Latin-1 only and therefore can’t even represent the names of all of its developers properly, and that in 2017), and the analysing code and fuzzing talk connects way back to the English Breakfast Network days of KDE Code Quality.
  • Hammer (and saw, and sand, and paint) on the KDE CI for FreeBSD; this will involve a fair amount of futzing with the base system, but also gently pushing changes to a whole bunch of repositories. KDE Frameworks 5 are mostly blue / yellow. It’s time to start adding higher layers of the software stack to the whole.
  • BoF it up around CMake, FreeBSD, CI, and LDAP.
  • Have fun at the day trip.
Categories: FLOSS Project Planets

Django Weekly: Django Weekly Issue 39 - GraphQL, context processor, DRF and more

Planet Python - Mon, 2017-05-22 04:41
Worthy Read
How to Use GraphQL with DjangoIn this article, we will describe on how to use GraphQL with Django. In this guide, you will see code sample and examples of implementation for Python.
GraphQL
How to make your Django context processors lazyIf you came here, you probably know what is a context processor, but let's quickly recap. It's a function, that returns dictionary of values. Those values will be injected to rendering context without explicitly defining them in view. They allows us to refactor commonly used variables out of views.
optimization
Catch Errors Before Your Users DoFull-stack error monitoring and analytics for developers. Users finding bugs? Searching logs for errors? Find + fix broken code fast!
sponsor
Tips for Building High-Quality Django Apps at ScaleTo continue to scale, we’ve also started to migrate our monolithic app towards a microservices architecture. We’ve learned a lot about what works well and what doesn’t with Django, and hope we can share some useful tips on how to work with this popular web framework.
scaling
Django REST framework - 3.6.33.6.3 release of django rest framework
DRF
Fastest Redis configuration for DjangoI have an app that does a lot of Redis queries. It all runs in AWS with ElastiCache Redis. Due to the nature of the app, it stores really large hash tables in Redis. The application then depends on querying Redis for these. The question is; What is the best configuration possible for the fastest service possible?
redis, caching
Django Developer PanelDjango Developer Panel is a Google Chrome extension paired with a piece of Django middleware that highlights helpful data to assist in the debugging and construction of Django applications. It was inspired heavily by, and some portions of the middleware code derived from, the very popular Django Debug Toolbar plugin, as well as the Ember Inspector plugin.
debugging, web application

Projects
django-notifyAll - 154 Stars, 4 ForkA library which can be used for all types of notifications like SMS, Mail, Push.
django-migrations-graph - 13 Stars, 0 ForkDjango-admin command to display migrations with dependencies.
django-json-widget - 7 Stars, 0 ForkAn alternative widget that makes it easy to edit the new Django's field JSONField (PostgreSQL specific model fields)
django-export-csv - 5 Stars, 0 ForkCSV exporter for Django this tool create a shortcut to render a queryset to a CSV steaming HTTP response.
django-messages-to-bootstrap-notify - 3 Stars, 0 ForkShow django messages using bootstrap-notify
Categories: FLOSS Project Planets

Import Python: ImportPython Issue 125 - How to Publish Your Package on PyPI and more

Planet Python - Mon, 2017-05-22 04:37
Worthy Read
How to Publish Your Package on PyPI? When you’ve written some great code, you might want to make this available for others to use as well. The pythonic way of sharing a package is making it available on PyPI. Let’s create a simple package and go through the process of publishing it!
pypi
Catch Errors Before Your Users Do - Full-stack error monitoring and analytics for developers Users finding bugs? Searching logs for errors? Find + fix broken code fast!.
sponsor
Python Testing with pytest: Simple, Rapid, Effective, and Scalable by Brian Okken | The Pragmatic Bookshelf Do less work when testing your Python code, but be just as expressive, just as elegant, and just as readable. The pytest testing framework helps you write tests quickly and keep them readable and maintainable—with no boilerplate code. Using a robust yet simple fixture model, it’s just as easy to write small tests with pytest as it is to scale up to complex functional testing for applications, packages, and libraries. This book shows you how.
testing, book
Python Goes To The Movies with Dhruv Govil Movies are magic, and Python is part of what makes that magic possible. We go behind the curtain this week with Dhruv Govil to learn about how Python gets used to bring a movie from concept to completion. He shares the story of how he got started in film, the tools that he uses day to day, and some resources for further learning.
podcast
Building a ML classifier on NY city taxi data to predict no tips vs generous tips with Python I demonstrate the power of the Google BigQuery engine by building a classifier which will predict whether a NY city taxi ride will result in a generous tip or no tip at all. As part of doing this I explore the dataset and look at relationships in the dataset. I also visualize the pickups around the city and the result is a scatterplot which essentially draws the city streets of NY.
bigquery, datawarehouse
Using Python and Google Docs to Build Books Daniel ( Co-Author of Two Scoops of Django ) shares how he put Python ( python-docx library ) along with Google Docs to create his latest self-published fiction book.
docx
Make Sublime Text as the best IDE for full stack python development sublime3
Train/Test Split and Cross Validation in Python data science
Argparse vs Click Command line arguments processing library.
CLI
Definitive guide to python on Mac OSX installation, macos-x
Modern Face Detection based on Deep Learning using Python and Mxnet In this post, we’ll discuss and illustrate a fast and robust method for face detection using Python and Mxnet.
machine learning
Text Analysis with South Park — Part 1: TF-IDF I noticed recently that Kaggle has an interesting dataset?—?70,000 lines of South Park dialogue. It’s nicely labelled by episode and character. I figured it would be a good practical test for the TF-IDF tools in scikit learn that I’ve been wanting to try recently.
machine learning
Using Python Generator to Monitor Data David Beazley demonstrates how to use a generator in Python to watch real-time data sources. This is an excerpt from the Pearson video course "Python Programming Language".
videos
Spelling with Elemental Symbols Sitting in my 5-hour-long chemistry class, my gaze would often drift over to the periodic table posted on the wall. To pass the time, I began to try finding words I could spell using only the symbols of the elements on the periodic table. Some examples: ScAlEs, FeArS, ErAsURe, WAsTe, PoInTlEsSnEsS, MoISTeN, SAlMoN, PuFFInEsS. I wondered what the longest such word was ('TiNTiNNaBULaTiONS' was the longest one I could come up with). Then I started thinking about how nice it would be to have a tool that could find the elemental spellings of any word. I decided to write a Python program.
codesnippet
lambda, map and filter in Python lambda operator or lambda function is used for creating small, one-time and anonymous function objects in Python.
core-python, lamda, map, filter
Simple demo of Pandas DataFrames and MultiIndex Pandas Dataframes generally have an "index", one column of a dataset that gives the name for each row. It works like a primary key in a database table. But Pandas also supports a MultiIndex, in which the index for a row is some composite key of several columns. It's quite confusing at first, here's a simple demo of creating a multi-indexed DataFrame and then querying subsets with various syntax.
pandas
Python + Docker: From development to production: Episode I dockers
Developing a Pricing Strategy to Maximize Revenue Turns out, selling lemonade is a perfect scenario to introduce dynamic pricing and price optimization techniques. In this post, we'll be finding an optimal price for our glasses of lemonade using some basic methodology in Python in order to maximize our revenue.
numpy, pandas, scipy
Pandas and Python Real World Project (GPS data) Analysis and plotting of GPS data using pandas
pandas
Top 15 Python Libraries for Data Science in 2017 As Python has gained a lot of traction in the recent years in Data Science industry, I wanted to outline some of its most useful libraries for data scientists and engineers, based on recent experience. And, since all of the libraries are open sourced, we have added commits, contributors count and other metrics from Github, which could be served as a proxy metrics for library popularity.
data science
Inspect PCAP Files Using AWS Lambda AWS Lambda is a service that allows you to run code without provisioning a server. This has some interesting possibilities especially when processing data asynchronously. When I first started learning about Lambda most of the examples were about resizing images. I work with PCAP files on a daily basis and have used scapy for several years so thought it would be a good experiment to use Lambda to do some simple PCAP inspection.
aws, lamda, pcap, scapy

Projects
tbvaccine - 164 Stars, 5 Fork A small utility to pretty-print Python tracebacks.
How_to_simulate_a_self_driving_car - 41 Stars, 13 Fork This is the code for "How to Simulate a Self-Driving Car" by Siraj Raval on Youtube.
now.httpbin.org - 15 Stars, 0 Fork An API (for Humans) for converting timestamps.
Dagon - 11 Stars, 1 Fork Advanced Hash Manipulation
DocumentClassification - 4 Stars, 1 Fork This code implements a sample CNN model for document classification with tensorflow.
sqline - 4 Stars, 0 Fork Simple command line tool to query databases
flexicon - 3 Stars, 0 Fork A lightweight, regex-based lexer framework for Python.
Categories: FLOSS Project Planets

La Drupalera (en): How To Create a Custom Format for a Date Field

Planet Drupal - Mon, 2017-05-22 04:33

In this post, you will learn how to create a custom date format for Drupal 7.

Read more
Categories: FLOSS Project Planets

First month report: my feelings about gsoc

Planet KDE - Mon, 2017-05-22 04:12

Hi, I'm Davide and I'm 22.
I was born on May 17th so I'm considering being accepted by KDE as a little gift.
The first month is usually related to "Community Bonding". What does it mean?

First of all, I created this blog. Here I'll post updates about Chat Bridge (now renamed to Brooklyn) and myself.
Then, I retrieved my KDE Identity account. The main problem was that I've lost my username.
So I wrote to sysadmin@kde.org and five minutes after the username was no longer a problem.
Shortly after I've done a lot of stuff, but I don't want to bother my readers.

After this boring to-do list, I've contacted my mentor to keep him updated.
We decided to start the development of the application and we defined how the app configuration file should be.
It is obviously open-source, you can use it for your projects! For now, it works only on IRC/Telegram but it will support soon also Rocketchat.It can also only support plain text, but it's temporary, don't worry.

I'm planning (but I've not decided yet because of university exams) to go to Akademy 2017 with some guys at WikiToLearn.
I can't wait to start coding!

What do you think about this project?
Do you have plans to use it?
Don't be shy, write me everything you want!


External links:

Categories: FLOSS Project Planets

Code Positive: Rich Snippets & Structured data

Planet Drupal - Mon, 2017-05-22 04:05

The benefits of Rich snippets and how to implement structured data in Drupal 8 to enhance the way your pages are listed by search engines.

READ MORE

 

Categories: FLOSS Project Planets

Gocept Weblog: See you on PyConWeb in Munich?

Planet Python - Mon, 2017-05-22 03:54

The gocept team will join PyConWeb 2017 in Munich from 27th to 28th of May – hey, this is is less than one week from now! It seems that there are still tickets available.

I myself will present RestrictedPython – or how to port to Python 3 without porting dependencies on Saturday at 3 p. m.

See you in Munich!


Categories: FLOSS Project Planets

Catalin George Festila: Make one executable from a python script.

Planet Python - Mon, 2017-05-22 02:20
The official website of this tool told us:
PyInstaller bundles a Python application and all its dependencies into a single package. The user can run the packaged app without installing a Python interpreter or any modules. PyInstaller supports Python 2.7 and Python 3.3+, and correctly bundles the major Python packages such as numpy, PyQt, Django, wxPython, and others.

PyInstaller is tested against Windows, Mac OS X, and Linux. However, it is not a cross-compiler: to make a Windows app you run PyInstaller in Windows; to make a Linux app you run it in Linux, etc. PyInstaller has been used successfully with AIX, Solaris, and FreeBSD, but is not tested against them.

The manual of this tool can be see it here.
C:\Python27>cd Scripts

C:\Python27\Scripts>pip install pyinstaller
Collecting pyinstaller
Downloading PyInstaller-3.2.1.tar.bz2 (2.4MB)
100% |################################| 2.4MB 453kB/s
....
Collecting pypiwin32 (from pyinstaller)
Downloading pypiwin32-219-cp27-none-win32.whl (6.7MB)
100% |################################| 6.7MB 175kB/s
...
Successfully installed pyinstaller-3.2.1 pypiwin32-219Also this will install PyWin32 python module.
Let's make one test python script and then to make it executable.
I used this python script to test it:
from tkinter import Tk, Label, Button

class MyFirstGUI:
def __init__(self, master):
self.master = master
master.title("A simple GUI")

self.label = Label(master, text="This is our first GUI!")
self.label.pack()

self.greet_button = Button(master, text="Greet", command=self.greet)
self.greet_button.pack()

self.close_button = Button(master, text="Close", command=master.quit)
self.close_button.pack()

def greet(self):
print("Greetings!")

root = Tk()
my_gui = MyFirstGUI(root)
root.mainloop()The output of the command of pyinstaller:
C:\Python27\Scripts>pyinstaller.exe --onefile --windowed ..\tk_app.py
92 INFO: PyInstaller: 3.2.1
92 INFO: Python: 2.7.13
93 INFO: Platform: Windows-10-10.0.14393
93 INFO: wrote C:\Python27\Scripts\tk_app.spec
95 INFO: UPX is not available.
96 INFO: Extending PYTHONPATH with paths
['C:\\Python27', 'C:\\Python27\\Scripts']
96 INFO: checking Analysis
135 INFO: checking PYZ
151 INFO: checking PKG
151 INFO: Building because toc changed
151 INFO: Building PKG (CArchive) out00-PKG.pkg
213 INFO: Redirecting Microsoft.VC90.CRT version (9, 0, 21022, 8) -> (9, 0, 30729, 9247)
2120 INFO: Building PKG (CArchive) out00-PKG.pkg completed successfully.
2251 INFO: Bootloader c:\python27\lib\site-packages\PyInstaller\bootloader\Windows-32bit\runw.exe
2251 INFO: checking EXE
2251 INFO: Rebuilding out00-EXE.toc because tk_app.exe missing
2251 INFO: Building EXE from out00-EXE.toc
2267 INFO: Appending archive to EXE C:\Python27\Scripts\dist\tk_app.exe
2267 INFO: Building EXE from out00-EXE.toc completed successfully.Then I run the executable output:
C:\Python27\Scripts>C:\Python27\Scripts\dist\tk_app.exe

C:\Python27\Scripts>...and working well.

The output file come with this icon:

Also you can make changes by using your icons or set the type of this file, according to VS_FIXEDFILEINFO structure.
You need to have the icon file and / or version.txt file for VS_FIXEDFILEINFO structure.
Let's see the version.txt file:
# UTF-8
#
# For more details about fixed file info 'ffi' see:
# http://msdn.microsoft.com/en-us/library/ms646997.aspx
VSVersionInfo(
ffi=FixedFileInfo(
# filevers and prodvers should be always a tuple with four items: (1, 2, 3, 4)
# Set not needed items to zero 0.
filevers=(2017, 1, 1, 1),
prodvers=(1, 1, 1, 1),
# Contains a bitmask that specifies the valid bits 'flags'
mask=0x3f,
# Contains a bitmask that specifies the Boolean attributes of the file.
flags=0x0,
# The operating system for which this file was designed.
# 0x4 - NT and there is no need to change it.
OS=0x4,
# The general type of file.
# 0x1 - the file is an application.
fileType=0x1,
# The function of the file.
# 0x0 - the function is not defined for this fileType
subtype=0x0,
# Creation date and time stamp.
date=(0, 0)
),
kids=[
StringFileInfo(
[
StringTable(
u'040904b0',
[StringStruct(u'CompanyName', u'python-catalin'),
StringStruct(u'ProductName', u'test'),
StringStruct(u'ProductVersion', u'1, 1, 1, 1'),
StringStruct(u'InternalName', u'tk_app'),
StringStruct(u'OriginalFilename', u'tk_app.exe'),
StringStruct(u'FileVersion', u'2017, 1, 1, 1'),
StringStruct(u'FileDescription', u'test tk'),
StringStruct(u'LegalCopyright', u'Copyright 2017 free-tutorials.org.'),
StringStruct(u'LegalTrademarks', u'tk_app is a registered trademark of catafest.'),])
]),
VarFileInfo([VarStruct(u'Translation', [0x409, 1200])])
]
)Now you can use this command for tk_app.py and version.txt files from the C:\Python27 folder:
pyinstaller.exe --onefile --windowed --version-file=..\version.txt ..\tk_app.pyLet's see this info into the executable file:

If you wand to change the icon then you need to add the --icon=tk_app.ico, where tk_app.ico is the new icon of the executable.



Categories: FLOSS Project Planets

Catalin George Festila: Updating all Python with pip on Windows OS.

Planet Python - Mon, 2017-05-22 01:35
Just use this python module named pip-review.
C:\Python27\Scripts>pip install pip-review
C:\Python27\Scripts>pip-review.exe --auto --verbose
Checking for updates of ...
Categories: FLOSS Project Planets

Catalin George Festila: The pycrypto python module - part 001.

Planet Python - Mon, 2017-05-22 00:45
This python module name pycrypto is a collection of Python Cryptography Toolkit.
This python module has been created by Andrew Kuchling and now maintained by Dwayne C. Litzenberger.
Let's install under Windows 10 OS using Command Prompt (Admin) shell.
C:\WINDOWS\system32>cd ..

C:\Windows>cd ..

C:\>cd Python27\Scripts

C:\Python27\Scripts>pip install pycrypto
Requirement already satisfied: pycrypto in c:\python27\lib\site-packagesSome info and help under python shell can be see using this:
C:\Python27>python.exe
Python 2.7.13 (v2.7.13:a06454b1afa1, Dec 17 2016, 20:42:59) [MSC v.1500 32 bit (Intel)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> import Crypto
>>> dir(Crypto)
['__all__', '__builtins__', '__doc__', '__file__', '__name__', '__package__', '__path__',
'__revision__', '__version__', 'version_info']
>>> help(Crypto)
Help on package Crypto:

NAME
Crypto - Python Cryptography Toolkit

FILE
c:\python27\lib\site-packages\crypto\__init__.py

DESCRIPTION
A collection of cryptographic modules implementing various algorithms
and protocols.

Subpackages:

Crypto.Cipher
Secret-key (AES, DES, ARC4) and public-key encryption (RSA PKCS#1) algorithms Crypto.Hash
Hashing algorithms (MD5, SHA, HMAC)
Crypto.Protocol
Cryptographic protocols (Chaffing, all-or-nothing transform, key derivation
functions). This package does not contain any network protocols.
Crypto.PublicKey
Public-key encryption and signature algorithms (RSA, DSA)
Crypto.Signature
Public-key signature algorithms (RSA PKCS#1)
Crypto.Util
Various useful modules and functions (long-to-string conversion, random number
generation, number theoretic functions)

PACKAGE CONTENTS
Cipher (package)
Hash (package)
Protocol (package)
PublicKey (package)
Random (package)
SelfTest (package)
Signature (package)
Util (package)
pct_warnings

DATA
__all__ = ['Cipher', 'Hash', 'Protocol', 'PublicKey', 'Util', 'Signatu...
__revision__ = '$Id$'
__version__ = '2.6.1'

VERSION
2.6.1Let's test some examples with this python module.
First example come with encrypt and decrypt message based one key.
The key also is need to be one encryption key and fix to key32.
The iv will not be specified by user, it will be generated and then encrypted with RSA.
NEVER make the IV constant and unique, it must be unique for every message.
Let's see the example source code:
from Crypto.Cipher import AES
from Crypto import Random
def encrypt(key32,message):
cipher=AES.new(key32,AES.MODE_CFB,iv)
msg=cipher.encrypt(message)
print(msg)
return msg
def decrypt(key32,msg):
dec=AES.new(key32,AES.MODE_CFB,iv)
return dec.decrypt(msg).decode('ascii')
if __name__=='__main__':
global iv
iv=Random.new().read(AES.block_size)
key='free-tutorials.org'
key32 = "".join([ ' ' if i >= len(key) else key[i] for i in range(32) ])
message='another website with free tutorials'
enc =encrypt(key32, message)
print enc
print(decrypt(key32,enc))The result output is this:
ᄚ Cᆪ゚2 ᄊÕ|ýXÍ ᄇNäÇ3ヨ゙Lマᆱuï: ù メNᄚm
ᄚ Cᆪ゚2 ᄊÕ|ýXÍ ᄇNäÇ3ヨ゙Lマᆱuï: ù メNᄚm
another website with free tutorials

Another more simplistic example:
from Crypto.Cipher import AES
from Crypto import Random
key = b'Sixteen byte key'
iv = Random.new().read(AES.block_size)
cipher = AES.new(key, AES.MODE_CFB, iv)
msg = iv + cipher.encrypt(b'Attack at dawn')See the output of variables:
>>> print key
Sixteen byte key
>>> print iv
ÔÄ▀DÒ ÕØ} m║dÕ╚\
>>> print cipher.encrypt(b'Attack at dawn')
åÌ£┴\u\ÍÈSÕ╦╔.Using MD5 example:
>>> from Crypto.Hash import MD5
>>> MD5.new('free text').hexdigest()
'be9420c1596a781119c53a9933a8234f'Using RSA key example:
>>> from Crypto.PublicKey import RSA
>>> from Crypto import Random
>>> rng = Random.new().read
>>> RSAkey = RSA.generate(1024, rng)
>>> public_key = RSAkey.publickey()
>>> print public_key
_RSAobj @0x3650b98 n(1024),e>
>>> enc_data = public_key.encrypt('test data', 32)[0]
>>> print enc_data
H +îÕÊ ÙH:?ª2S½Fã0á! f¬ = ·+,Í0r³┐o·¼ÉlWy¿6ôên(£jê¿ ╦çª|*°q Ò4ì┌çÏD¦¿╝û╠╠MY¶ïzµ>©a}hRô ]í;
_[v¸¤u:2¦y¾/ ²4R╩HvéÌ'÷Ç)KT:P _<! D
>>> dec_data = RSAkey.decrypt(enc_data)
>>> print dec_data
test data Encrypted and decrypted output texts may look different depending on how encoded the used text editor or python language.



Categories: FLOSS Project Planets

Polyglot.Ninja(): Django REST Framework: Authentication and Permissions

Planet Python - Sun, 2017-05-21 19:19

In our last post about ViewSet, ModelViewSet and Router, we saw how easily we can create REST APIs with the awesome Django REST Framework. In this blog post, we would see how we can secure our endpoints with user authentication and permissions. Authentication will help us identify which user is currently logged in and permissions will decide which user(s) can access which resources.

Authentication

The idea of authentication is pretty simple. When a new incoming request comes, we have to check the request and see if we can identify any user credentials along with it. If you have read the Flask HTTP Auth tutorial or the one about JWT, you might remember how we were checking the authorization header to authenticate our users. We might also receive the user login data via a POST request (form submission) or the user may already be logged in and we can identify using the session data.

We can see that the authentication mechanism can largely vary. Django REST Framework is very flexible in accommodating them. We can give DRF a list of classes, DRF will run the authenticate method on those classes. As soon as a class successfully authenticates the user, the return values from the call is set to request.user and request.auth. If none of the classes manage to authenticate the user, then the user is set to django.contrib.auth.models.AnonymousUser .

We can set these classes using the DEFAULT_AUTHENTICATION_CLASSES settings under the DRF settings. Here’s an example:

REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES': ( 'rest_framework.authentication.BasicAuthentication', 'rest_framework.authentication.SessionAuthentication', ) }

In the example above we used BasicAuthentication and SessionAuthentication – two of the built in classes from Django REST Framework. We will look at how they work and we will also check how we can write our own class for our custom authentication.

(PS: Here we set the authentication policy globally, for all views / paths / resources – if we want, we can also use different authentication mechanism for each one, individually but that is usually not done in most cases).

Basic Authentication

In our example before, we mentioned the BasicAuthentication class. This class first checks the http authorization header (HTTP_AUTHORIZATION in request.META ). If the header contains appropriate string (something like Basic <Base64 Encoded Login>), it will decode the string, split the username, password and try to authenticate the user.

Basic Authentication is very simple, easy to setup and might be quite convenient for testing / debugging but I would highly discourage using this method on production.

Session Authentication

If you have used Django, you already know about session based authentication. In fact, Django itself handles the session based auth and sets the user as part of the request object (an instance of HttpRequest object. DRF just reads the user data from the request and checks for CSRF. That’s it.

Session Authentication works very well if your users are interacting with your API on the web, perhaps using ajax calls? In such cases, if the user is once logged in, his/her auth is stored in the session and we can depend on those data while making requests from our web app. However, this will not work well if the client doesn’t or can not accept cookies (apps on different domains, mobile or desktop apps, other micro services etc).

Token Authentication

If you understand JWT, this one will feel similar, except in this case, the token will be just a “token”, no JSON or no signing. The user logs in and gets a token. On subsequent requests, this token must be passed as part of the authorization header.

To use token based auth, we first need to add the rest_framework.authtoken app to the INSTALLED_APPS list in your settings.py file. And then run the migration to create the related tables.

python manage.py migrate

We also need to add the TokenAuthentication class to our DRF auth class list:

REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES': ( 'rest_framework.authentication.BasicAuthentication', 'rest_framework.authentication.SessionAuthentication', 'rest_framework.authentication.TokenAuthentication', ) }

Now let’s create a view to issue tokens to user.

from django.contrib.auth import authenticate from rest_framework.decorators import api_view from rest_framework.response import Response from rest_framework.status import HTTP_401_UNAUTHORIZED from rest_framework.authtoken.models import Token @api_view(["POST"]) def login(request): username = request.data.get("username") password = request.data.get("password") user = authenticate(username=username, password=password) if not user: return Response({"error": "Login failed"}, status=HTTP_401_UNAUTHORIZED) token, _ = Token.objects.get_or_create(user=user) return Response({"token": token.key})

The code here should be self explanatory. We take username and password. We then try to authenticate the user using Django’s default authentication (checking username and password against what’s stored in the database). If the authentication fails, we return error message along with http status code 401. If the authentication succeeds, we issue a token for the user and pass it in the response.

We need to add this view to our urlpatterns next:

url(r'^login', login)

Now let’s try it out:

$ curl --request POST \ --url http://localhost:8000/api/login \ --header 'content-type: application/json' \ --data '{"username": "test_user", "password": "awesomepwd"}' {"token":"5e2effff34c85c11a8720a597b96d73a4634c9ad"}%

So we’re getting the tokens successfully. Now to access a secured resource, we need to pass it as part of the authorization header. But how do we make a resource available only to a logged in user? Well, permissions come into play here.

Permissions

While authentication tells us which user is logged in (or not), it’s our responsibility to check if the current user (a valid logged in user or a guest, not logged in visitor) has access to the resource. Permissions can help us deal with that. Just like authentication, we can also set a class of permissions globally or on each resource individually. Let’s start with the IsAuthenticated permission first. Let’s add this to our SubscriberViewSet.

from rest_framework.permissions import IsAuthenticated class SubscriberViewSet(ModelViewSet): serializer_class = SubscriberSerializer queryset = Subscriber.objects.all() permission_classes = (IsAuthenticated,)

If we try to access subscribers without any authentication, we will get an error message now:

{ "detail": "Authentication credentials were not provided." }

So let’s provide authentication using the token we got.

$ curl -H "Content-Type: application/json" -H "Authorization: Token 5e2effff34c85c11a8720a597b96d73a4634c9ad" http://localhost:8000/api/subscribers/

Now it works fine! There are many useful, already provided permission classes with Django REST Framework. You can find a list of them here http://www.django-rest-framework.org/api-guide/permissions/#api-reference.

Custom Authentication and Permissions

The authentication and permission classes which come with DRF are quite enough for many cases. But what if we needed to create our own? Let’s see how we can do that.

Writing a custom authentication class is very simple. You define your custom authenticate method which would receive the request object. You will have to return an instance of the default User model if authentication succeeds, otherwise raise an exception. You can also return an optional value for the auth object to be set on request. If our authentication method can not be used for this request, we should return None so other classes are tried.

Here’s an example from DRF docs:

from django.contrib.auth.models import User from rest_framework import authentication from rest_framework import exceptions class ExampleAuthentication(authentication.BaseAuthentication): def authenticate(self, request): username = request.META.get('X_USERNAME') if not username: return None try: user = User.objects.get(username=username) except User.DoesNotExist: raise exceptions.AuthenticationFailed('No such user') return (user, None)

In this example, the username is being retrieved from a custom header (X_USERNAME) and the rest is quite easy to understand.

Next, let’s see how we can create our custom permission class. For permissions, we can have two types of permissions – global permission or per object permission. Here’s an example of global permission from DRF docs:

from rest_framework import permissions class BlacklistPermission(permissions.BasePermission): """ Global permission check for blacklisted IPs. """ def has_permission(self, request, view): ip_addr = request.META['REMOTE_ADDR'] blacklisted = Blacklist.objects.filter(ip_addr=ip_addr).exists() return not blacklisted

If the has_permission method returns True then the user has permission, otherwise not. Let’s see the example for per object permission:

class IsOwnerOrReadOnly(permissions.BasePermission): """ Object-level permission to only allow owners of an object to edit it. Assumes the model instance has an `owner` attribute. """ def has_object_permission(self, request, view, obj): # Read permissions are allowed to any request, # so we'll always allow GET, HEAD or OPTIONS requests. if request.method in permissions.SAFE_METHODS: return True # Instance must have an attribute named `owner`. return obj.owner == request.user

For dealing with per object permission, we can override the has_object_permission method. It can take the request, the view and the obj. We have to check if the current user can access the obj in question. Just like before, we need to return True or False to allow or deny the request.

In this blog post, we learned the basics of authentication and permissions. We now know how we can secure our API endpoints with DRF. While the token based authentication was very useful, we kind of like JWT. So in our next post, we will be using a third party package to implement JWT for Django REST Framework.

The post Django REST Framework: Authentication and Permissions appeared first on Polyglot.Ninja().

Categories: FLOSS Project Planets

Ritesh Raj Sarraf: apt-offline 1.8.0 releasedI

Planet Debian - Sun, 2017-05-21 17:17

I am pleased to announce the release of apt-offline, version 1.8.0. This release is mainly a forward port of apt-offline to Python 3 and PyQt5. There are some glitches related to Python 3 and PyQt5, but overall the CLI interface works fine. Other than the porting, there's also an important bug fixed, related to memory leak when using the MIME library. And then there's some updates to the documentation (user examples) based on feedback from users.

Release is availabe from Github and Alioth

 

 

 

What is apt-offline ?

Description: offline APT package manager apt-offline is an Offline APT Package Manager. . apt-offline can fully update and upgrade an APT based distribution without connecting to the network, all of it transparent to APT. . apt-offline can be used to generate a signature on a machine (with no network). This signature contains all download information required for the APT database system. This signature file can be used on another machine connected to the internet (which need not be a Debian box and can even be running windows) to download the updates. The downloaded data will contain all updates in a format understood by APT and this data can be used by apt-offline to update the non-networked machine. . apt-offline can also fetch bug reports and make them available offline. Categories: Keywords: Like: 
Categories: FLOSS Project Planets

Bryan Pendleton: The Upper Rhine Valley: prelude and overture

Planet Apache - Sun, 2017-05-21 17:11

We took an altogether-too-short but thoroughly wonderful trip to the Upper Rhine Valley region of Europe. I'm not sure that "Upper Rhine Valley" is a recognized term for this region, so please forgive me if I've abused it; more technically, we visited:

  1. The Alsace region of France
  2. The Schwarzenwald region of Germany
  3. The neighboring areas of Frankfurt, Germany, and Basel, Switzerland.
But since we were at no point more than about 40 miles from the Rhine river, and since we were several hundred miles from the Rhine's mouth in the North Sea, it seems like a pretty good description to me.

Plus, it matches up quite nicely with this map.

So there you go.

Anyway, we spent 10 wonderful days there, which was hardly even close to enough, but it was what we had.

And I, in my inimitable fashion, packed about 30 days of sightseeing into those 10 days, completely exhausting my travel companions.

Once again, no surprise.

I'll have more to write about various aspects of the trip subsequently, but here let me try to crudely summarize the things that struck me about the trip.

  • Rivers are incredibly important in Europe, much more so than here in America. Rivers provide transportation, drinking water, sewage disposal, electric power, food (fish), and form the boundaries between regions and nations. They do some of these things in America, too, but we aren't nearly as attached to our rivers as they are in Central Europe, where some of the great rivers of the world arise.
  • For centuries, castles helped people keep an eye on their rivers, and make sure that their neighbors were behaving as they should in the river valleys.
  • Trains are how you go places in Europe. Yes, you can fly, or you can drive, but if you CAN take a train, you should. And, if you can take a first class ticket on TGV, you absolutely, absolutely should. I have never had a more civilized travel experience than taking the TGV from Frankfurt to Strasbourg. (Though full credit to Lufthansa for being a much-better-than-ordinary airline. If you get a chance to travel Lufthansa, do it.)
  • To a life-long inhabitant of the American West, Central Europe is odd for having almost no animals. People live in Central Europe, nowadays; animals do not. BUT: storks!
  • France, of course, is the country that perfected that most beautiful of beverages: wine. While most of the attention to wine in France goes to Southern France, don't under-rate Alsace, for they have absolutely delicious wines of many types, and have been making wine for (at least) 2,000 years. We Californians may think we know something about wine; we don't.
  • The visible history of the Upper Rhine Valley is deeply formed by the Franks. Don't try to understand the cathedrals, villages, cities, etc. without spending some time thinking about Charlemagne, etc. And, if you were like me and rather snored through this part of your schooling, prepare to have your eyes opened.
  • The other major history of the Upper Rhine Valley involves wars. My, but this part of the world has been fought over for a long time. Most recently, of course, we can distinguish these major events:
    1. The Franco-Prussian war, which unified Germany and resulted in Alsace being a German territory
    2. World War One
    3. World War Two
    Although the most recent of these events is now 75 years in the past, the centuries and centuries of conflict over who should rule these wonderful lands has left its mark, deeply.

    So often through my visit I thought to myself: "Am I in French Germany? Or perhaps is this German France?" Just trying to form and phrase these questions in my head, I realized how little I knew, and how much there is to learn, about how people form their bonds with their land, and their neighbors, and their thoughts. Language, food, customs, politics, literature: it's all complex and it's all one beautiful whole.

    This, after all, is the land where Johannes Gutenberg invented the printing press, where people like Johann Wolfgang von Goethe, Louis Pasteur, John Calvin, and Albert Schweitzer lived and did their greatest work.

I could, of course, have been much terser:

  1. The Upper Rhine Valley is one of the most beautiful places on the planet. The people who live there are very warm and welcoming, and it is a delightful place to take a vacation
  2. Early May is an absolutely superb time to go there.

I'll write more later, as I find time.

Categories: FLOSS Project Planets

Holger Levsen: 20170521-this-time-of-the-year

Planet Debian - Sun, 2017-05-21 14:26
It's this time of the year again…

So it seems summer has finally arrived here and for the first time this year I've been offline for more than 24h, even despite having wireless network coverage. The lake, the people, the bonfire, the music, the mosquitos and the fireworks at 3.30 in the morning were totally worth it!

Categories: FLOSS Project Planets

PyBites: Twitter digest 2017 week 20

Planet Python - Sun, 2017-05-21 13:59

Every weekend we share a curated list of 15 cool things (mostly Python) that we found / tweeted throughout the week.

Categories: FLOSS Project Planets

Russ Allbery: Review: Sector General

Planet Debian - Sun, 2017-05-21 13:21

Review: Sector General, by James White

Series: Sector General #5 Publisher: Orb Copyright: 1983 Printing: 2002 ISBN: 0-312-87770-6 Format: Trade paperback Pages: 187

Sector General is the fifth book (or, probably more accurately, collection) in the Sector General series. I blame the original publishers for the confusion. The publication information is for the Alien Emergencies omnibus, which includes the fourth through the sixth books in the series.

Looking back on my previous reviews of this series (wow, it's been eight years since I read the last one?), I see I was reviewing them as novels rather than as short story collections. In retrospect, that was a mistake, since they're composed of clearly stand-alone stories with a very loose arc. I'm not going to go back and re-read the earlier collections to give them proper per-story reviews, but may as well do this properly here.

Overall, this collection is more of the same, so if that's what you want, there won't be any negative surprises. It's another four engineer-with-a-wrench stories about biological and medical puzzles, with only a tiny bit of characterization and little hint to any personal life for any of the characters outside of the job. Some stories are forgettable, but White does create some memorable aliens. Sadly, the stories don't take us to the point of real communication, so those aliens stop at biological puzzles and guesswork. "Combined Operation" is probably the best, although "Accident" is the most philosophical and an interesting look at the founding principle of Sector General.

"Accident": MacEwan and Grawlya-Ki are human and alien brought together by a tragic war, and forever linked by a rather bizarre war monument. (It's a very neat SF concept, although the implications and undiscussed consequences don't bear thinking about too deeply.) The result of that war was a general recognition that such things should not be allowed to happen again, and it brought about a new, deep commitment to inter-species tolerance and politeness. Which is, in a rather fascinating philosophical twist, exactly what MacEwan and Grawlya-Ki are fighting against: not the lack of aggression, which they completely agree with, but with the layers of politeness that result in every species treating all others as if they were eggshells. Their conviction is that this cannot create a lasting peace.

This insight is one of the most profound bits I've read in the Sector General novels and supports quite a lot of philosophical debate. (Sadly, there isn't a lot of that in the story itself.) The backdrop against which it plays out is an accidental crash in a spaceport facility, creating a dangerous and potentially deadly environment for a variety of aliens. Given the collection in which this is included and the philosophical bent described above, you can probably guess where this goes, although I'll leave it unspoiled if you can't. It's an idea that could have been presented with more subtlety, but it's a really great piece of setting background that makes the whole series snap into focus. A much better story in context than its surface plot. (7)

"Survivor": The hospital ship Rhabwar rescues a sole survivor from the wreck of an alien ship caused by incomplete safeguards on hyperdrive generators. The alien is very badly injured and unconscious and needs the full attention of Sector General, but on the way back, the empath Prilicla also begins suffering from empathic hypersensitivity. Conway, the protagonist of most of this series, devotes most of his attention to that problem, having delivered the rescued alien to competent surgical hands. But it will surprise no regular reader that the problems turn out to be linked (making it a bit improbable that it takes the doctors so long to figure that out). A very typical entry in the series. (6)

"Investigation": Another very typical entry, although this time the crashed spaceship is on a planet. The scattered, unconscious bodies of the survivors, plus signs of starvation and recent amputation on all of them, convinces the military (well, police is probably more accurate) escort that this is may be a crime scene. The doctors are unconvinced, but cautious, and local sand storms and mobile vegetation add to the threat. I thought this alien design was a bit less interesting (and a lot creepier). (6)

"Combined Operation": The best (and longest) story of this collection. Another crashed alien spacecraft, but this time it's huge, large enough (and, as they quickly realize, of a design) to indicate a space station rather than a ship, except that it's in the middle of nowhere and each segment contains a giant alien worm creature. Here, piecing together the biology and the nature of the vehicle is only the beginning; the conclusion points to an even larger problem, one that requires drawing on rather significant resources to solve. (On a deadline, of course, to add some drama.) This story requires the doctors to go unusually deep into the biology and extrapolated culture of the alien they're attempting to rescue, which made it more intellectually satisfying for me. (7)

Followed by Star Healer.

Rating: 6 out of 10

Categories: FLOSS Project Planets

SMB on openSUSE Conference

Planet KDE - Sun, 2017-05-21 13:05

The annual openSUSE Conference 2017 is upcoming! Next weekend it will be again in the Z-Bau in Nuremberg, Germany.

The conference program is impressive and if you can make it, you should consider stopping by.

Stefan Schäfer from the Invis server project and me will organize a workshop about openSUSE for Small and Medium Business (SMB).

SMB is a long running concern of the heart of the two of us: Both Stefan, who even does it for living, and me have both used openSUSE in the area of SMB for long and we know how well it serves there. Stefan has even initiated the Invis Server Project, which is completely free software and builds on top of the openSUSE distributions. The Invis Server adds a whole bunch of extra functionality to openSUSE that is extremely useful in the special SMB usecase. It came a long way starting as Stefans own project long years ago, evolving as proper maintained openSUSE Spin in OBS with a small, but active community.

The interesting question is how openSUSE, Invis Server and other smaller projects like for example Kraft can unite and offer a reliable maintained and comprehensive solution for this huge group of potential users, that is now locked in to proprietary technologies mainly while FOSS can really make a difference here.

In the workshop we first will introduce the existing projects briefly, maybe discuss some technical questions like integration of new packages in the openSUSE distributions and such, and also touch organizational question like how we want to setup and market openSUSE SMB.

Participants in the workshop should not expect too much presentation. We rather hope for a lively discussion with many people bringing in their projects that might fit, their experiences and ideas. Don’t be shy

 

 


Categories: FLOSS Project Planets

Mike Driscoll: PyCon 2017 Videos are Up

Planet Python - Sun, 2017-05-21 12:31

The PyCon 2017 videos are already available on Youtube. Here are some highlights:

The Vanderplas Keynote

Raymond Hettinger’s “Modern Python Dictionaries — A confluence of a dozen great ideas”

Brett Cannon’s “What’s New in Python 3.6?”

And there’s much more here: https://www.youtube.com/channel/UCrJhliKNQ8g0qoE_zvL8eVg/feed

Categories: FLOSS Project Planets

Adnan Hodzic: Automagically deploy & run containerized WordPress (PHP7 FPM, Nginx, MariaDB) using Ansible + Docker on AWS

Planet Debian - Sun, 2017-05-21 12:28

In this blog post, I’ve described what started as simple migration of WordPress blog to AWS, ended up as automation project consisting of publishing multiple Ansible roles deploying and running multiple Docker images.

If you’re not interested in reading about my entire journey, cognition gains and how this process came to be, please skim down to “Birth of: containerized-wordpress-project (TL;DR)” section.

Migrating WordPress blog to AWS (EC2, Lightsail?)

Since I’ve been sold on Amazon’s AWS idea of cloud computing “services” for couple of years now. I’ve wanted, and been trying to migrate this (WordPress) blog to AWS, but somehow it never worked out.

Moving it to EC2 instance, with its own ELB volumes, AMI, EIP, Security Group … it just seemed as an overkill.

When AWS Lightsail was first released, it seemed that was an answer to all my problems.

But it wasn’t, disregarding its bit restrictive/dumbed down versions of original features. Living in Amsterdam, my main problem with it was that it was only available in a single US region.

Regardless, I thought it had everything I needed for WordPress site, and as a new service, it had great potential.

Its regional limitations were also good in a sense that they made me realize one important thing. And that’s once I migrate my blog to AWS, I want to be able to seamlessly move/migrate it across different EC2’s and different regions once they were available.

If done properly, it meant I could even have it moved across different clouds (I’m talking to you Google Cloud).

P.S: AWS Lightsail is now available in couple of different regions across Europe. Rollout which was almost smoothless.

Fundamental problem of every migration … is migration

Phase 1: Don’t reinvent the wheel?

When you have a WordPress site that’s not self hosted. You want everything to work, but yet you really don’t want to spend any time managing infrastructure it’s on.

And as soon as I started looking what could fit this criteria, I found that there were pre-configured, running out of box WordPress EC2 images available on AWS Marketplace, great!

But when I took a look, although everything was running out of box, I wasn’t happy with software stack it was all built on. Namely Ubuntu 14.04 and Apache, and all of the services were started using custom scripts. Yuck.

With this setup, when it was time to upgrade (and it’s already that time) you wouldn’t be thinking about upgrade. You’d only be thinking about another migration.

Phase 2: What if I built everything myself?

Installing and configuring everything manually, and then writing huge HowTo which I would follow when I needed to re-create whole stack was not an option. Same case with was scripting whole process, as overhead of changes that had to be tracked was too way too big.

Being a huge Ansible fan, automating this step was a natural next step.

I even found an awesome Ansible role which seemed like it’s going to do everything I need. Except, I realized I needed to update all software that’s deployed with it, and customize it since configuration it was deployed on wasn’t as generic.

So I forked it and got to work. But soon enough, I was knee deep in making and fiddling with various system changes. Something I was trying to get away in this case, and most importantly something I was trying to avoid when it was time for next update.

Phase 3: Marriage made in heaven: Ansible + Docker + AWS

Idea to have everything Dockerized was around from very start. However, it never made a lot of sense until I put Ansible into same picture. And it was at this point where my final idea and requirements become crystal clear.

Use Ansible to configure and setup host ready for Docker ecosystem. Ecosystem consisting of multiple separate containers for each required service (WordPress + Nginx + MariaDB). Link them all together as a single service using Docker Compose.

Idea was backed by thought to spend minimum to no time (and effort) on manual configuration of anything on the server. Level of attachment to this server was so low that I didn’t even want to SSH to it.

If there was something wrong, I could just nuke the whole thing and deploy code on a new healthy rolled out server with everything working out of box.

After it was clear what needed to be done, I got to work.

Birth of: containerized-wordpress-project (TL;DR)

After a lot of work, end result is project which allows you to automagically deploy & run containerized WordPress instance which consists of 3 separate containers running:

  • WordPress (PHP7 FPM)
  • Nginx
  • MariaDB

Once run, containerized-wordpress playbook will guide you through interactive setup of all 3 containers, after which it will run all  Ansible roles created for this project. End result is that host you have never even SSH-ed to will be fully configured and running containerized WordPress instace out of box.

Most importantly, this whole process will be completed in <= 5 minutes and doesn’t require any Docker or Ansible knowledge!

containerized-wordpress demo

Console output of running “containerized-wordpress” Ansible Playbook:

Accessing WordPress instance created from “containerized-wordpress” Ansible Playbook:

Did I end up migrating to AWS in the end?

You bet. Thanks to efforts made in containerized-wordpress-project, I’m happy to report my whole WordPress migration to AWS was completed in matter of minutes and that this blog is now running on Docker and on AWS!

I hope this same project will help you take a leap in your migration.

Happy hacking!

Categories: FLOSS Project Planets
Syndicate content