book

Mastering Django: Core

Name: Mastering Django: Core
Author: Nigel George
ISBN: 9781787281141

by Nigel George

December 2016

Beginner to intermediate

694 pages

14h 2m

English

Packt Publishing

Read now

Unlock full access

Mastering Django: Core
Mastering Django: Core
Credits
About the Author
www.PacktPub.com
Why subscribe?
Preface
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
ErrataPiracyQuestions

1. Introduction to Django and Getting Started
Introducing DjangoDjango's historyInstalling DjangoInstalling PythonPython versionsInstallationInstalling a Python Virtual EnvironmentInstalling DjangoSetting up a databaseStarting a projectDjango settingsThe development serverThe Model-View-Controller (MVC) design pattern
What's next?
2. Views and URLconfs
Your first Django-powered page: Hello WorldYour first viewYour first URLconfRegular expressionsA quick note about 404 errorsA quick note about the site rootHow Django processes a request
Your second view: dynamic content
URLconfs and loose coupling
Your third view: dynamic URLs
Django's pretty error pages
What's next?
3. Templates
Template system basics
Using the template system
Creating template objectsRendering a template
Dictionaries and contexts
Multiple contexts, same templateContext variable lookupMethod call behaviorHow invalid variables are handled
Basic template-tags and filters
Tagsif/elseforifequal/ifnotequalCommentsFilters
Philosophies and limitations
Using templates in views
Template loading
Template directories
render()
Template subdirectories
The include template tag
Template inheritance
What's next?
4. Models
The "dumb" way to do database queries in views
Configuring the database
Your first app
Defining Models in Python
Your first modelInstalling the Model
Basic data access
Adding model string representationsInserting and updating dataSelecting objectsFiltering dataRetrieving single objectsOrdering dataChaining lookupsSlicing dataUpdating multiple objects in one statementDeleting objects
What's next?
5. The Django Admin Site
Using the admin siteStart the development serverEnter the admin site
Adding your models to the admin site
Making fields optional
Making date and numeric fields optional
Customizing field labels
Custom model admin classes
Customizing change listsCustomizing edit forms
Users, groups, and permissions
When and why to use the admin interface-and when not to
What's next?
6. Forms
Getting data from the Request ObjectInformation about the URLOther information about the RequestInformation about submitted data
A simple form-handling example
Query string parameters
Improving our simple form-handling example
Simple validation
Making a contact form
Your first form class
Tying form objects into views
Changing how fields are rendered
Setting a maximum length
Setting initial values
Custom validation rules
Specifying labels
Customizing form design
What's next?
7. Advanced Views and URLconfs
URLconf Tips and TricksStreamlining function importsSpecial-Casing URLs in debug modeNamed groupsPreviewThe matching/grouping algorithmWhat the URLconf searches againstCaptured arguments are always stringsSpecifying defaults for view arguments
Performance
Error handling
Including other URLconfs
Captured parameters
Passing extra options to view functions
Passing extra options to include()
Reverse resolution of URLs
Examples
Naming URL patterns
URL namespaces
Reversing namespaced URLsURL namespaces and included URLconfs
What's next?
8. Advanced Templates
Template language review
Requestcontext and context processors
authDEBUGi18nMEDIAstaticcsrfRequestmessages
Guidelines for writing our own context processors
Automatic HTML escaping
How to turn it offFor individual variablesFor template blocksAutomatic escaping of string literals in filter arguments
Inside Template loading
The DIRS optionLoader typesFilesystem loaderApp directories loaderOther loaders
Extending the template system
Code layoutCreating a template library
Custom template tags and filters
Writing custom template filtersRegistering custom filtersTemplate filters that expect stringsFilters and auto-escapingFilters and time zonesWriting custom template tagsSimple tagsInclusion tagsAssignment tags
Advanced custom template tags
A quick overviewWriting the compilation functionWriting the rendererAuto-escaping ConsiderationsThread-safety ConsiderationsRegistering the tagPassing template variables to The TagSetting a variable in the contextVariable scope in contextParsing until another block tagParsing until another block tag, and saving contents
What's next
9. Advanced Models
Related objectsAccessing ForeignKey valuesAccessing many-to-many values
Managers
Adding extra manager methodsModifying initial manager QuerySets
Model methods
Overriding predefined model methods
Executing raw SQL queries
Performing raw queries
Model table namesMapping query fields to model fieldsIndex lookupsDeferring model fieldsAdding annotationsPassing parameters into raw()
Executing custom SQL directly
Connections and cursorsAdding extra Manager methods
What's next?
10. Generic Views
Generic views of objects
Making "friendly" template contexts
Adding extra context
Viewing subsets of objects
Dynamic filtering
Performing extra work
What's next?
11. User Authentication in Django
Overview
Using the Django authentication system
User objects
Creating superusersCreating usersChanging passwords
Permissions and authorization
Default permissionsGroupsProgrammatically creating permissionsPermission caching
Authentication in web requests
How to log a user inHow to log a user outLimiting access to logged-in usersThe raw wayThe login_required decoratorLimiting access to logged-in users that pass a testThe permission_required() decoratorSession invalidation on password change
Authentication views
LoginLogoutLogout_then_loginPassword_changePassword_change_donePassword_resetPassword_reset_donePassword_reset_confirmPassword_reset_completeThe redirect_to_login helper functionBuilt-in forms
Authenticating data in templates
UsersPermissions
Managing users in the admin
Creating usersChanging passwords
Password management in Django
How Django stores passwordsUsing Bcrypt with DjangoPassword truncation with BCryptPasswordHasherOther Bcrypt implementationsIncreasing the work factorPassword upgradingManually managing a user's password
Customizing authentication in Django
Other authentication sourcesSpecifying authentication backendsWriting an authentication backendHandling authorization in custom backendsAuthorization for anonymous usersAuthorization for inactive usersHandling object permissions
Custom permissions
Extending the existing user model
Substituting a custom user model
What's next?
12. Testing in Django
Introduction to testing
Introducing automated testing
What are automated tests?So why create tests?
Basic testing strategies
Writing a test
Creating a test
Running tests
Testing tools
The test clientProvided TestCase classesSimple TestCaseTransaction TestCaseTestCaseLiveServerTestCaseTest cases featuresDefault test clientFixture loadingOverriding settingssettings()modify_settings()override_settings()modify_settings()AssertionsEmail servicesManagement commandsSkipping tests
The test database
Using different testing frameworks
What's next?
13. Deploying Django
Preparing your codebase for productionDeployment checklist
Critical settings
SECRET_KEYDEBUG
Environment-specific settings
ALLOWED_HOSTSCACHESDATABASESEMAIL_BACKEND and Related SettingsSTATIC_ROOT and STATIC_URLMEDIA_ROOT and MEDIA_URL
HTTPS
CSRF_COOKIE_SECURESESSION_COOKIE_SECURE
Performance optimizations
CONN_MAX_AGETEMPLATES
Error reporting
LOGGINGADMINS and MANAGERSCustomize the default error views
Using a virtualenv
Using different settings for production
Deploying Django to a production server
Deploying Django with Apache and mod_wsgi
Basic configurationUsing mod_wsgi daemon ModeServing filesServing the admin filesIf you get a UnicodEncodError
Serving static files in production
Serving the site and your static files from the same serverServing static files from a dedicated serverServing static files from a cloud service or CDN
Scaling
Running on a single serverSeparating out the database serverRunning a separate media serverImplementing load balancing and redundancyGoing big
Performance tuning
There's no such thing as Too Much RAMTurn off Keep-AliveUse MemcachedUse Memcached oftenJoin the conversation
What's next?
14. Generating Non-HTML Content
The basics: views and MIME types
Producing CSV
Streaming large CSV files
Using the template system
Other text-based formats
Generating PDF
Install ReportLab
Write your view
Complex PDF's
Further resources
Other possibilities
The syndication feed framework
The high-level framework
OverviewFeed classesA simple exampleA complex exampleSpecifying the type of feedEnclosuresLanguageURLsPublishing Atom and RSS Feeds in tandem
The low-level framework
SyndicationFeed classesSyndicationFeed.__init__()SyndicationFeed.add_item()SyndicationFeed.write()SyndicationFeed.writeString()Custom feed generatorsSyndicationFeed.root_attributes(self, )SyndicationFeed.add_root_elements(self, handler)SyndicationFeed.item_attributes(self, item)SyndicationFeed.add_item_elements(self, handler, item)
The Sitemap framework
InstallationInitializationSitemap classesA simple exampleSitemap class referenceitemslocationlastmodchangefreqpriorityprotocoli18nShortcutsExampleSitemap for static viewsCreating a sitemap indexTemplate customizationContext variablesIndexSitemapPinging googledjango.contrib.syndication.ping_google()Pinging Google via manage.py
What's next?
15. Django Sessions
Enabling sessions
Configuring the session engine
Using database-backed sessionsUsing cached sessionsUsing file-based sessionsUsing cookie-based sessions
Using Sessions in Views
flush()set_test_cookie()test_cookie_worked()delete_test_cookie()set_expiry(value)get_expiry_age()get_expiry_date()get_expire_at_browser_close()clear_expired()cycle_key()
Session object guidelines
Session serialization
Bundled serializersserializers.JSONSerializerserializers.PickleSerializerWrite your own serializer
Setting test cookies
Using sessions out of views
When sessions are saved
Browser-length sessions vs. persistent sessions
Clearing the session store
What's next
16. Djangos Cache Framework
Setting up the cacheMemcachedDatabase cachingCreating the cache tableMultiple databasesFilesystem cachingLocal-memory cachingDummy caching (for development)Using a custom cache backendCache arguments
The per-site cache
The per-view cache
Specifying per-view Cache in the URLconf
Template fragment caching
The low-level cache API
Accessing the cacheBasic usageCache key prefixingCache versioningCache key transformationCache key warnings
Downstream caches
Using vary headers
Controlling cache: using other headers
What's next?
17. Django Middleware
Activating middleware
Hooks and application order
Writing your own middleware
process_requestprocess_viewprocess_template_responseprocess_responseDealing with streaming responsesprocess_exception__init__Marking middleware as unusedAdditional guidelines
Available middleware
Cache middlewareCommon middlewareGZip middlewareConditional GET middlewareLocale middlewareMessage middlewareSecurity middlewareHTTP strict transport securityX-content-type-options: nosniffX-XSS-protectionSSL redirectSession middlewareSite middlewareAuthentication middlewareCSRF protection middlewareX-Frame-options middleware
Middleware ordering
What's next?
18. Internationalization
DefinitionsInternationalizationLocalizationlocale namelanguage codemessage filetranslation stringformat file
Translation
Internationalization: in Python code
Standard translationComments for TranslatorsMarking strings as No-OpPluralizationContextual markersLazy translationModel fields and relationshipsModel verbose names valuesModel methods short_description attribute valuesWorking with lazy translation objectsLazy translations and pluralJoining strings: string_concat()Other uses of lazy in delayed translationsLocalized names of languages
Internationalization: In template code
trans template tagblocktrans template tagString literals passed to tags and filtersComments for translators in templatesSwitching language in templatesOther tags
Internationalization: In Javascript code
The javascript_catalog viewUsing the JavaScript translation catalogNote on performance
Internationalization: In URL patterns
Language prefix in URL patternsTranslating URL patternsReversing in templates
Localization: How to create language files
Message filesCompiling message filesCreating message files from JavaScript source codegettext on windowsCustomizing the makemessages command
Explicitly setting the active language
Using translations outside views and templates
Implementation notes
Specialties of Django translationHow Django discovers language preferenceHow Django discovers translations
What's next?
19. Security in Django
Django's built in security featuresCross Site Scripting (XSS) protectionCross Site Request Forgery (CSRF) protectionHow to use itAJAXOther template enginesThe decorator methodRejected requestsHow it worksCachingTestingLimitationsEdge casesUtilitiesdjango.views.decorators.csrf.csrf_exempt(view)django.views.decorators.csrf.requires_csrf_token(view)django.views.decorators.csrf.ensure_csrf_cookie(view)Contrib and reusable appsCSRF settingsSOL injection protectionClickjacking protectionAn example of clickjackingPreventing clickjackingHow to use itSetting X-Frame-Options for all responsesSetting X-Frame-Options per viewLimitationsBrowsers that support X-Frame-OptionsSSL/HTTPSHTTP strict transport securityHost header validationSession securityUser-Uploaded content
Additional security tips
Archive of security issuesCryptographic signingProtecting the SECRET_KEYUsing the low-level APIUsing the salt argumentVerifying timestamped valuesProtecting complex data structuresSecurity middlewareWhat's next?
20. More on Installing Django
Running other databases
Installing Django manually
Upgrading Django
Remove any old versions of Django
Installing a Distribution-specific package
Installing the development version
What's next?
21. Advanced Database Management
General notesPersistent connectionsConnection managementCaveatsEncoding
postgreSQL notes
Optimizing postgreSQL's configurationIsolation levelIndexes for varchar and text columns
MySQL notes
Version supportStorage enginesMySQL DB API driversmySQLdbmySQLclientmySQL connector/pythonTimezone definitionsCreating your databaseCollation settingsConnecting to the databaseCreating your tablesTable namesSavepointsNotes on specific fieldsCharacter fieldsFractional seconds support for time and datetime fieldsTIMESTAMP columnsRow locking with Queryset.Select_For_Update()Automatic typecasting can cause unexpected results
SQLite notes
Substring matching and case sensitivityOld SQLite and CASE expressionsUsing newer versions of the SQLite DB-API 2.0 driverDatabase is locked errorsqueryset.Select_For_Update() not Supportedpyformat parameter style in raw queries not supportedParameters not quoted in connection.queries
Oracle notes
Connecting to the databaseThreaded optionINSERT ... RETURNING INTONaming issuesNULL and empty stringsTextfield limitations
Using a 3rd-Party database backend
Integrating Django with a legacy database
Give Django your database parametersAuto-generate the modelsInstall the core Django tablesCleaning up generated modelsTest and tweak
What's next?
A. Model Definition Reference
FieldsField name restrictionsFileField notesFileField FileField.upload_toFileField.storageFileField and FieldFileFieldFile.urlFieldFile.open(mode='rb')FieldFile.close()FieldFile.save(name, content, save=True)FieldFile.delete(save=True)
Universal field options
Field attribute reference
Attributes for fieldsField.auto_createdField.concreteField.hiddenField.is_relationField.modelAttributes for fields with relationsField.many_to_manyField.many_to_oneField.one_to_manyField.one_to_oneField.related_model
Relationships
ForeignKeyDatabase representationArgumentslimit_choices_torelated_namerelated_query_nameto_fielddb_constrainton_deleteswappableManyToManyFieldDatabase representationArgumentsrelated_namerelated_query_namelimit_choices_tosymmetricalthroughthrough_fieldsdb_tabledb_constraintswappableOneToOneFieldparent_link
Model metadata options
B. Database API Reference
Creating objects
Saving changes to objects
Saving ForeignKey and ManyToManyField fields
Retrieving objects
Retrieving all objectsRetrieving specific objects with filtersChaining filtersFiltered querysets are uniqueQuerySets are lazyRetrieving a single object with getOther queryset methodsLimiting querysetsField lookupsLookups that span relationshipsSpanning multi-valued relationshipsFilters can reference fields on the modelThe pk lookup shortcutEscaping percent signs and underscores in LIKE statementsCaching and querysetsWhen querysets are not cached
Complex lookups with Q objects
Comparing objects
Deleting objects
Copying model instances
Updating multiple objects at once
Related objects
One-to-many relationshipsForwardFollowing relationships backwardUsing a custom reverse managerAdditional methods to handle related objectsMany-to-many relationshipsOne-to-one relationshipsQueries over related objects
Falling back to raw SQL
C. Generic View Reference
Common arguments to generic views
Simple generic views
Rendering a template-TemplateViewRedirecting to another URLAttributesurlpattern_namepermanentquery_stringMethods
List/detail generic views
Lists of objectsDetail views
Date-Based Generic Views
ArchiveIndexViewYearArchiveViewMonthArchiveViewWeekArchiveViewDayArchiveViewTodayArchiveViewDateDetailView
Form handling with class-based views
Basic formsModel formsModels and request.userAJAX example
D. Settings
What's a settings file?Default settingsSeeing which settings you've changed
Using settings in Python code
Altering settings at runtime
Security
Creating your own settings
DJANGO_SETTINGS_MODULE
The django-admin utilityOn the server (mod_wsgi)
Using settings without setting DJANGO_SETTINGS_MODULE
Custom default settingsEither configure() or DJANGO_SETTINGS_MODULE is required
Available settings
Core settingsAuthMessagesSessionsSitesStatic files
E. Built-in Template Tags and Filters
Built-in tagsautoescapeblockcommentcsrf_tokencycledebugextendsfilterfirstofforfor... emptyifBoolean operatorsComplex expressionsFiltersifchangedifequalifnotequalincludeloadloremnowregroupspacelesstemplatetagurlverbatimwidthratiowith
Built-in filters
addaddslashescapfirstcentercutdatedefaultdefault_if_nonedictsortdictsortreverseddivisiblebyescapeescapejsfilesizeformatfirstfloatformatget_digitiriencodejoinlastlengthlength_islinebreakslinebreaksbrlinenumbersljustlowermake_listphone2numericpluralizepprintrandomrjustsafesafeseqsliceslugifystringformatstriptagstimetimesincetimeuntiltitletruncatecharstruncatechars_htmltruncatewordstruncatewords_htmlunordered_listupperurlencodeurlizeurlizetruncwordcountwordwrapyesno
Internationalization tags and filters
i18nl10ntz
Other tags and filters libraries
staticget_static_prefixget_media_prefix
F. Request and Response Objects
HttpRequest objectsAttributesMethods
QueryDict objects
Methods
HttpResponse objects
UsageAttributesMethodsHttpResponse subclasses
JsonResponse Objects
Usage
StreamingHttpResponse objects
Performance considerationsAttributes
FileResponse objects
Error views
The 404 (page not found) viewThe 500 (server error) viewThe 403 (HTTP Forbidden) viewThe 400 (bad request) view
Customizing error views
G. Developing Django with Visual Studio
Installing Visual StudioInstall PTVS and Web Essentials
Creating A Django project
Start a Django project
Django development in Visual Studio
Integration of Django management commandsEasy installation of Python packagesEasy installation of new Django apps

Content preview from Mastering Django: Core

Password management in Django

Password management is something that should generally not be reinvented unnecessarily, and Django endeavors to provide a secure and flexible set of tools for managing user passwords. This document describes how Django stores passwords, how the storage hashing can be configured, and some utilities to work with hashed passwords.

How Django stores passwords

Django provides a flexible password storage system and uses PBKDF2 (for more information visit http://en.wikipedia.org/wiki/PBKDF2) by default. The password attribute of a User object is a string in this format:

<algorithm>$<iterations>$<salt>$<hash>

Those are the components used for storing a User's password, separated by the dollar-sign character and consist of: ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Django Standalone Apps: Learn to Develop Reusable Django Libraries

Publisher Resources

ISBN: 9781787281141

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Mastering Django: Core

by Nigel George

Password management in Django

How Django stores passwords

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

More than 5,000 organizations count on O’Reilly

Julian F.

Addison B.

Amir M.

Mark W.

You might also like

Django Standalone Apps: Learn to Develop Reusable Django Libraries

Django 2 by Example

Django Unleashed

Decoupled Django: Understand and Build Decoupled Django Architectures for JavaScript Front-ends

Publisher Resources