CODEWITHSUNDEEP
pythondjango
Shashi
Shashi

Reputation: 2175

Django url validation

HI,

I want to validate my urls whether they are post or get with caring the proper data.So i want to validate these urls before they call to respective views.So i am willing to write the some kind of middleware between view and urls so that i can keep safe the system.I am not aware how do i pass the data through middleware code to view.In middle ware i will write the unittest code.which will validate the urls if valid then will pass to the respective view other wise happy to say 404 .So can any buddy suggest me how do i handle the case.Or may be their is another alternative best way to do this validation.

Thanks to all.

Upvotes: 3

Views: 3692

Answers (2)

Shawn Chin
Shawn Chin

Reputation: 86834

You should really be checking for request type in your views, and not in a middleware. As I mentioned in the comments above, you can't tell whether a request is a POST message from the URL alone, let alone determine what POST data it carries.

Checking the request type within a view is very straight-forward -- simple check that request.method is equal to "GET" or "POST".

If you're doing this often, a short cut would be to create a decorator which does this check for you. For example, the following decorator checks that a GET request was used to call this view, or else return an HttpResponseBadRequest object (status code 400):

# untested code, use with care
def require_GET(view_func):
    def wrap(request, *args, **kwargs):
        if request.method != "GET":
            return HttpResponseBadRequest("Expecting GET request")
        return view_func(request, *args, **kwargs)
    wrap.__doc__ = view_func.__doc__
    wrap.__dict__ = view_func.__dict__
    wrap.__name__ = view_func.__name__
    return wrap

You can then simply prepend your view function with @require_GET and the check will be done whever the view is called. E.g.

@require_GET
def your_view(request):
    # ...

You can do the same for POST.

Here's an example decorator checking for POST request which takes an optional list of fields that must be provided with the POST request.

# again, untested so use with care.
def require_POST(view_func, required_fields=None):
    def wrap(request, *args, **kwargs):
        if request.method != "POST":
            return HttpResponseBadRequest("Expecting POST request")
        if required_fields:
            for f in required_fields:
                if f not in request.POST:
                    return HttpResponseBadRequest("Expecting field %s" % f)
        return view_func(request, *args, **kwargs)
    wrap.__doc__ = view_func.__doc__
    wrap.__dict__ = view_func.__dict__
    wrap.__name__ = view_func.__name__
    return wrap

Use like this:

@require_POST
def another_view(request):
    # ...

or:

@require_POST(required_fields=("username", "password"))
def custom_login_view(request):
    # ...

Update

OK, my bad. I've just reinvented wheel.

Django already provides the @require_GET and @require_POST decorators. See django.views.decorators.http.

Upvotes: 5

Mp0int
Mp0int

Reputation: 18727

Like others said, you must do it in your view, or maybe you must say what you are trying to do for the best...

Anyway, you can not create a responce object in process_request , you can only add variables or change variables on the related request, like the sessionid variable used by django, or any such thing... Or update any existing request variables...

So, you must use process_view, which is triggered after process_request and just before your related view function is executed.Since you have request object at hand, you can check GET or POST data by using request.GET or request.POST.

For doing this, you must add your middle class to MIDDLEWARE_CLASSES in settings.py and write a proper middleware process_view function. For writing middlewares see middleware documentation and check existing middlewares of django. Or tell me what you are rtying to do...

Upvotes: 2

Related Questions