发表新帖
发表新帖

django modifying the request object

后端 未结
关注
4 1241
故里飘歌
故里飘歌 2020-11-30 07:10

I already have a django project and it logical like those:

url: URL?username=name&pwd=passwd

view:

def func(request):
   dic = request
相关标签:
4条回答
  • 感动是毒
    2020-11-30 07:42

    django.http.QueryDict objects that are assigned to request.GET and request.POST are immutable.

    You can convert it to a mutable QueryDict instance by copying it:

    request.GET = request.GET.copy()

    Afterwards you'll be able to modify the QueryDict:

    >>> from django.test.client import RequestFactory
>>> request = RequestFactory().get('/')
>>> request.GET
<QueryDict: {}>
>>> request.GET['foo'] = 'bar'
AttributeError: This QueryDict instance is immutable
>>> request.GET = request.GET.copy()
<QueryDict: {}>
>>> request.GET['foo'] = 'bar'
>>> request.GET
<QueryDict: {'foo': 'bar'}>

    This has been purposefully designed so that none of the application components are allowed to edit the source request data, so even creating a immutable QueryDict again would break this design. I would still suggest that you follow the guidelines and assign additional request data directly on the request object in your middleware, despite the fact that it might cause you to edit your sources.

    0 讨论(0)
  • 遥遥无期
    2020-11-30 07:47

    Remove immutability:

    if not request.GET._mutable:
   request.GET._mutable = True

# now you can spoil it
request.GET['pwd'] = 'iloveyou'

    Update

    The Django sanctioned way is: request.GET.copy().

    According to the docs:

    The QueryDicts at request.POST and request.GET will be immutable when accessed in a normal request/response cycle. To get a mutable version you need to use QueryDict.copy().

    Nothing guarantees future Django versions will use _mutable. This has more chances to change than the copy() method.

    0 讨论(0)
  • 没有蜡笔的小新
    2020-11-30 07:56

    You shouldn't use GET to send the username and password, it's bad practice (since it shows the information on the URL bar, and might pose a security risk). Instead, use POST. Also, I'm guessing you're trying to authenticate your users, and it seems like you're doing too much work (creating a new middleware) to deal with something that is completely built in, to take the example from the docs:

    from django.contrib.auth import authenticate, login

def my_view(request):
    username = request.POST['username']
    password = request.POST['password']
    user = authenticate(username=username, password=password)
    if user is not None:
        if user.is_active:
            login(request, user)
            # Redirect to a success page.
        else:
            # Return a 'disabled account' error message
    else:
        # Return an 'invalid login' error message.

    I myself really like using the login_required decorator, very simple to use. Hope that helps

    0 讨论(0)
  • [愿得一人]
    2020-11-30 08:00 
    request.GET._mutable = True

    you need this.

    def func(request):
   dic = request.GET
   request.GET._mutable = True #to make it editable 
   username = dic.get("username")
   request.GET.pop("pwd")
   request.GET._mutable = False #make it False once edit done
    0 讨论(0)
 看不清?
提交回复
热议问题