Mastering Django: Core

Table of Contents

Mastering Django: Core

Credits

About the Author

www.PacktPub.com

Why subscribe?

Preface

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Errata

Piracy

Questions

1. Introduction to Django and Getting Started

Introducing Django

Django's history

Installing Django

Installing Python

Python versions

Installation

Installing a Python Virtual Environment

Installing Django

Setting up a database

Starting a project

Django settings

The development server

The Model-View-Controller (MVC) design pattern

What's next?

2. Views and URLconfs

Your first Django-powered page: Hello World

Your first view

Your first URLconf

Regular expressions

A quick note about 404 errors

A quick note about the site root

How Django processes a request

Your second view: dynamic content

URLconfs and loose coupling

Your third view: dynamic URLs

Django's pretty error pages

What's next?

3. Templates

Template system basics

Using the template system

Creating template objects

Rendering a template

Dictionaries and contexts

Multiple contexts, same template

Context variable lookup

Method call behavior

How invalid variables are handled

Basic template-tags and filters

Tags

if/else

for

ifequal/ifnotequal

Comments

Filters

Philosophies and limitations

Using templates in views

Template loading

Template directories

render()

Template subdirectories

The include template tag

Template inheritance

What's next?

4. Models

The dumb way to do database queries in views

Configuring the database

Your first app

Defining Models in Python

Your first model

Installing the Model

Basic data access

Adding model string representations

Inserting and updating data

Selecting objects

Filtering data

Retrieving single objects

Ordering data

Chaining lookups

Slicing data

Updating multiple objects in one statement

Deleting objects

What's next?

5. The Django Admin Site

Using the admin site

Start the development server

Enter the admin site

Adding your models to the admin site

Making fields optional

Making date and numeric fields optional

Customizing field labels

Custom model admin classes

Customizing change lists

Customizing edit forms

Users, groups, and permissions

When and why to use the admin interface-and when not to

What's next?

6. Forms

Getting data from the Request Object

Information about the URL

Other information about the Request

Information about submitted data

A simple form-handling example

Query string parameters

Improving our simple form-handling example

Simple validation

Making a contact form

Your first form class

Tying form objects into views

Changing how fields are rendered

Setting a maximum length

Setting initial values

Custom validation rules

Specifying labels

Customizing form design

What's next?

7. Advanced Views and URLconfs

URLconf Tips and Tricks

Streamlining function imports

Special-Casing URLs in debug mode

Named groupsPreview

The matching/grouping algorithm

What the URLconf searches against

Captured arguments are always strings

Specifying defaults for view arguments

Performance

Error handling

Including other URLconfs

Captured parameters

Passing extra options to view functions

Passing extra options to include()

Reverse resolution of URLs

Examples

Naming URL patterns

URL namespaces

Reversing namespaced URLs

URL namespaces and included URLconfs

What's next?

8. Advanced Templates

Template language review

Requestcontext and context processors

auth

DEBUG

i18n

MEDIA

static

csrf

Request

messages

Guidelines for writing our own context processors

Automatic HTML escaping

How to turn it off

For individual variables

For template blocks

Automatic escaping of string literals in filter arguments

Inside Template loading

The DIRS option

Loader types

Filesystem loader

App directories loader

Other loaders

Extending the template system

Code layout

Creating a template library

Custom template tags and filters

Writing custom template filters

Registering custom filters

Template filters that expect strings

Filters and auto-escaping

Filters and time zones

Writing custom template tags

Simple tags

Inclusion tags

Assignment tags

Advanced custom template tags

A quick overview

Writing the compilation function

Writing the renderer

Auto-escaping Considerations

Thread-safety Considerations

Registering the tag

Passing template variables to The Tag

Setting a variable in the context

Variable scope in context

Parsing until another block tag

Parsing until another block tag, and saving contents

What's next

9. Advanced Models

Related objects

Accessing ForeignKey values

Accessing many-to-many values

Managers

Adding extra manager methods

Modifying initial manager QuerySets

Model methods

Overriding predefined model methods

Executing raw SQL queries

Performing raw queries

Model table names

Mapping query fields to model fields

Index lookups

Deferring model fields

Adding annotations

Passing parameters into raw()

Executing custom SQL directly

Connections and cursors

Adding extra Manager methods

What's next?

10. Generic Views

Generic views of objects

Making friendly template contexts

Adding extra context

Viewing subsets of objects

Dynamic filtering

Performing extra work

What's next?

11. User Authentication in Django

Overview

Using the Django authentication system

User objects

Creating superusers

Creating users

Changing passwords

Permissions and authorization

Default permissions

Groups

Programmatically creating permissions

Permission caching

Authentication in web requests

How to log a user in

How to log a user out

Limiting access to logged-in users

The raw way

The login_required decorator

Limiting access to logged-in users that pass a test

The permission_required() decorator

Session invalidation on password change

Authentication views

Login

Logout

Logout_then_login

Password_change

Password_change_done

Password_reset

Password_reset_done

Password_reset_confirm

Password_reset_complete

The redirect_to_login helper function

Built-in forms

Authenticating data in templates

Users

Permissions

Managing users in the admin

Creating users

Changing passwords

Password management in Django

How Django stores passwords

Using Bcrypt with Django

Password truncation with BCryptPasswordHasher

Other Bcrypt implementations

Increasing the work factor

Password upgrading

Manually managing a user's password

Customizing authentication in Django

Other authentication sources

Specifying authentication backends

Writing an authentication backend

Handling authorization in custom backends

Authorization for anonymous users

Authorization for inactive users

Handling object permissions

Custom permissions

Extending the existing user model

Substituting a custom user model

What's next?

12. Testing in Django

Introduction to testing

Introducing automated testing

What are automated tests?

So why create tests?

Basic testing strategies

Writing a test

Creating a test

Running tests

Testing tools

The test client

Provided TestCase classes

Simple TestCase

Transaction TestCase

TestCase

LiveServerTestCase

Test cases features

Default test client

Fixture loading

Overriding settings

settings()

modify_settings()

override_settings()

modify_settings()

Assertions

Email services

Management commands

Skipping tests

The test database

Using different testing frameworks

What's next?

13. Deploying Django

Preparing your codebase for production

Deployment checklist

Critical settings

SECRET_KEY

DEBUG

Environment-specific settings

ALLOWED_HOSTS

CACHES

DATABASES

EMAIL_BACKEND and Related Settings

STATIC_ROOT and STATIC_URL

MEDIA_ROOT and MEDIA_URL

HTTPS

CSRF_COOKIE_SECURE

SESSION_COOKIE_SECURE

Performance optimizations

CONN_MAX_AGE

TEMPLATES

Error reporting

LOGGING

ADMINS and MANAGERS

Customize the default error views

Using a virtualenv

Using different settings for production

Deploying Django to a production server

Deploying Django with Apache and mod_wsgi

Basic configuration

Using mod_wsgi daemon Mode

Serving files

Serving the admin files

If you get a UnicodEncodError

Serving static files in production

Serving the site and your static files from the same server

Serving static files from a dedicated server

Serving static files from a cloud service or CDN

Scaling

Running on a single server

Separating out the database server

Running a separate media server

Implementing load balancing and redundancy

Going big

Performance tuning

There's no such thing as Too Much RAM

Turn off Keep-Alive

Use Memcached

Use Memcached often

Join the conversation

What's next?

14. Generating Non-HTML Content

The basics: views and MIME types

Producing CSV

Streaming large CSV files

Using the template system

Other text-based formats

Generating PDF

Install ReportLab

Write your view

Complex PDF's

Further resources

Other possibilities

The syndication feed framework

The high-level framework

Overview

Feed classes

A simple example

A complex example

Specifying the type of feed

Enclosures

Language

URLs

Publishing Atom and RSS Feeds in tandem

The low-level framework

SyndicationFeed classes

SyndicationFeed.__init__()

SyndicationFeed.add_item()

SyndicationFeed.write()

SyndicationFeed.writeString()

Custom feed generators

SyndicationFeed.root_attributes(self, )

SyndicationFeed.add_root_elements(self, handler)

SyndicationFeed.item_attributes(self, item)

SyndicationFeed.add_item_elements(self, handler, item)

The Sitemap framework

Installation

Initialization

Sitemap classes

A simple example

Sitemap class reference

items

location

lastmod

changefreq

priority

protocol

i18n

Shortcuts

Example

Sitemap for static views

Creating a sitemap index

Template customization

Context variables

Index

Sitemap

Pinging google

django.contrib.syndication.ping_google()

Pinging Google via manage.py

What's next?

15. Django Sessions

Enabling sessions

Configuring the session engine

Using database-backed sessions

Using cached sessions

Using file-based sessions

Using cookie-based sessions

Using Sessions in Views

flush()

set_test_cookie()

test_cookie_worked()

delete_test_cookie()

set_expiry(value)

get_expiry_age()

get_expiry_date()

get_expire_at_browser_close()

clear_expired()

cycle_key()

Session object guidelines

Session serialization

Bundled serializers

serializers.JSONSerializer

serializers.PickleSerializer

Write your own serializer

Setting test cookies

Using sessions out of views

When sessions are saved

Browser-length sessions vs. persistent sessions

Clearing the session store

What's next

16. Djangos Cache Framework

Setting up the cache

Memcached

Database caching

Creating the cache table

Multiple databases

Filesystem caching

Local-memory caching

Dummy caching (for development)

Using a custom cache backend

Cache arguments

The per-site cache

The per-view cache

Specifying per-view Cache in the URLconf

Template fragment caching

The low-level cache API

Accessing the cache

Basic usage

Cache key prefixing

Cache versioning

Cache key transformation

Cache key warnings

Downstream caches

Using vary headers

Controlling cache: using other headers

What's next?

17. Django Middleware

Activating middleware

Hooks and application order

Writing your own middleware

process_request

process_view

process_template_response

process_response

Dealing with streaming responses

process_exception

__init__

Marking middleware as unused

Additional guidelines

Available middleware

Cache middleware

Common middleware

GZip middleware

Conditional GET middleware

Locale middleware

Message middleware

Security middleware

HTTP strict transport security

X-content-type-options: nosniff

X-XSS-protection

SSL redirect

Session middleware

Site middleware

Authentication middleware

CSRF protection middleware

X-Frame-options middleware

Middleware ordering

What's next?

18. Internationalization

Definitions

Internationalization

Localization

locale name

language code

message file

translation string

format file

Translation

Internationalization: in Python code

Standard translation

Comments for Translators

Marking strings as No-Op

Pluralization

Contextual markers

Lazy translation

Model fields and relationships

Model verbose names values

Model methods short_description attribute values

Working with lazy translation objects

Lazy translations and plural

Joining strings: string_concat()

Other uses of lazy in delayed translations

Localized names of languages

Internationalization: In template code

trans template tag

blocktrans template tag

String literals passed to tags and filters

Comments for translators in templates

Switching language in templates

Other tags

Internationalization: In Javascript code

The javascript_catalog view

Using the JavaScript translation catalog

Note on performance

Internationalization: In URL patterns

Language prefix in URL patterns

Translating URL patterns

Reversing in templates

Localization: How to create language files

Message files

Compiling message files

Creating message files from JavaScript source code

gettext on windows

Customizing the makemessages command

Explicitly setting the active language

Using translations outside views and templates

Implementation notes

Specialties of Django translation

How Django discovers language preference

How Django discovers translations

What's next?

19. Security in Django

Django's built in security features

Cross Site Scripting (XSS) protection

Cross Site Request Forgery (CSRF) protection

How to use it

AJAX

Other template engines

The decorator method

Rejected requests

How it works

Caching

Testing

Limitations

Edge cases

Utilities

django.views.decorators.csrf.csrf_exempt(view)

django.views.decorators.csrf.requires_csrf_token(view)

django.views.decorators.csrf.ensure_csrf_cookie(view)

Contrib and reusable apps

CSRF settings

SOL injection protection

Clickjacking protection

An example of clickjacking

Preventing clickjacking

How to use it

Setting X-Frame-Options for all responses

Setting X-Frame-Options per view

Limitations

Browsers that support X-Frame-Options

SSL/HTTPS

HTTP strict transport security

Host header validation

Session security

User-Uploaded content

Additional security tips

Archive of security issues

Cryptographic signing

Protecting the SECRET_KEY