Part of this post is the gratuitous “gosh, that was easy to integrate!” Of course, part is a small point that I would like developers to think about.
First off, here’s the code snippet, which owes its history to:
Zendesk Remote Authentication with Django and Unicode Names and Zendesk remote authentication with Django (the original posting)
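```python
from hashlib import md5
from urllib.parse import urlencode

from django.conf import settings
from django.http import Http404, HttpResponseRedirect
from django.urls import reverse


def authorize(request):
    # Only active, signed-in users are sent on to Zendesk.
    if not request.user.is_active:
        return HttpResponseRedirect(reverse('openauth:signin'))
    try:
        timestamp = request.GET['timestamp']
    except KeyError:
        raise Http404
    u = request.user
    # Hash input order: name, email, external_id, token, timestamp.
    data = ''.join((u.profile.name(), u.email, u.username, settings.ZENDESK_TOKEN, timestamp))
    digest = md5(data.encode('UTF-8')).hexdigest()
    # urlencode escapes every value, so '&', '=' or spaces in a name cannot break the query string.
    url = "%s/access/remote/?%s" % (settings.ZENDESK_URL, urlencode({
        'name': u.profile.name(),
        'email': u.email,
        'external_id': u.username,
        'timestamp': timestamp,
        'hash': digest,
    }))
    return HttpResponseRedirect(url)
```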
What’s different — or why am I making this post:
- Use u.get_full_name() rather than the appends with the spaces; in my case I’ve got another object hanging out (profile) which contains the user’s name.
- Use the Django username as the external_id — I thought about using user.id, but since username should be unique and fairly inflexible that’s a good approximation.
- Use a join rather than a whole bunch of “%s%s%s%s”; no formatting needed…
Finally, the big rant: the original code used a bunch of formatted prints to build the URL argument. If you’ve been handed a language with libraries like Python and a framework like Django, you don’t think about cross site scripting or other breakages (& in the username) which is going to cause problems…. It’s trivial to use urlencode to avoid these problems.
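The breakage described above, as an added example that is not part of the original post or of Zendesk's code: the same signed fields are put into a URL once with plain string formatting and once with urlencode, and a receiver recomputes the hash from what it parses. `TOKEN`, `BASE`, the sample user values and the `receiver_accepts` check are assumptions made up for the illustration.

```python
import hmac
from hashlib import md5
from urllib.parse import urlencode, urlsplit, parse_qs

TOKEN = "constructed-shared-secret"  # placeholder for settings.ZENDESK_TOKEN
BASE = "https://support.example.com/access/remote/"  # constructed URL


def sign(name, email, external_id, timestamp):
    """Hash the fields in the same order as the view in the post."""
    data = "".join((name, email, external_id, TOKEN, timestamp))
    return md5(data.encode("utf-8")).hexdigest()


def naive_url(name, email, external_id, timestamp):
    """Query string built with string formatting and no escaping."""
    return "%s?name=%s&email=%s&external_id=%s&timestamp=%s&hash=%s" % (
        BASE, name, email, external_id, timestamp,
        sign(name, email, external_id, timestamp))


def encoded_url(name, email, external_id, timestamp):
    """Query string built with urlencode, which escapes every value."""
    return "%s?%s" % (BASE, urlencode({
        "name": name, "email": email, "external_id": external_id,
        "timestamp": timestamp,
        "hash": sign(name, email, external_id, timestamp)}))


def parsed_fields(url):
    """What a receiver sees after standard query-string parsing."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {key: values[0] for key, values in query.items()}


def receiver_accepts(url):
    """Hypothetical receiver: recompute the hash from the parsed fields."""
    q = parsed_fields(url)
    try:
        expected = sign(q["name"], q["email"], q["external_id"], q["timestamp"])
        return hmac.compare_digest(expected, q["hash"])
    except KeyError:
        return False


# Constructed sample user: '&' in the name, '+' in the email address.
SAMPLE = ("Smith & Sons", "pat+help@example.com", "pat", "1300000000")
```

With the constructed sample, the unescaped URL splits the name at the `&` and turns the `+` in the email into a space, so the recomputed hash no longer matches; the urlencoded URL round-trips unchanged.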