CODEWITHSUNDEEP
djangoobfuscationdjango-urls
Belmin Fernandez
Belmin Fernandez

Reputation: 8647

Obfuscated Django URL for model objects

I have a Django model that looks something like this:

class Person(models.Model):

    name = models.CharField(max_length=32)
    place = models.ForeignKey(Place, related_name='people')
    approved = models.BooleanField()
    objects = PersonManager()

    @models.permalink
    def get_absolute_url(self):
        return('deal_details', (), {
            'person_slug': slugify(self.name),
        })

As you could see, I already have an absolute URL for the object. However, I want to create a difficult-to-guess URL to keep track of the approval process of the object. Anyone done something similar and/or have any suggestions on how I should proceed?

My first thought was creating a model field like obfuscated_key that is generated randomly via the save function of the model. Then the URL would look something like /people/status/<id>/<obfuscated_key>/. But perhaps there's a better way to go about this?

Upvotes: 2

Views: 1857

Answers (3)

Adam
Adam

Reputation: 56

I've used UUIDField to do something similar.

In the model:

uuid = UUIDField(auto=True)

then in the view check the id and uuid:

item = get_object_or_404(Item, id=id, uuid__exact=uuid)

The UUIDField is from http://djangosnippets.org/snippets/335/

Upvotes: 0

Daniel Roseman
Daniel Roseman

Reputation: 599778

A good way to do this would be to hash the object's ID with the installation's secret key (from settings.py). This is what the password reset email form does - there's some useful code in django.contrib.auth.tokens - and, in the very latest SVN versions, django.contrib.auth.crypto.

Upvotes: 5

Andrew Sledge
Andrew Sledge

Reputation: 10351

Something like a URL shortener (read: obfuscating) might work.

http://djangosnippets.org/snippets/1323/

Upvotes: 0

Related Questions