Zendesk and Django integration

Part of this post is the gratuitous "gosh, that was easy to integrate!" Of course, part is a small point that I would like developers to think about.

First off, here's the code snippet, which owes its history to:

Zendesk Remote Authentication with Django and Unicode Names and Zendesk remote authentication with Django (the original posting)

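    from hashlib import md5
    from urllib.parse import urlencode

    from django.conf import settings
    from django.http import Http404, HttpResponseRedirect
    from django.urls import reverse


    def authorize(request):
        # Only signed-in, active users are sent on to Zendesk.
        if not request.user.is_active:
            return HttpResponseRedirect(reverse('openauth:signin'))

        # The timestamp arrives as a query parameter; without it there is nothing to sign.
        try:
            timestamp = request.GET['timestamp']
        except KeyError:
            raise Http404

        u = request.user

        # Hash over name + email + external_id + shared token + timestamp.
        data = ''.join((u.profile.name(), u.email, u.username, settings.ZENDESK_TOKEN, timestamp))
        hash = md5(data.encode('UTF-8')).hexdigest()

        # urlencode percent-encodes every value, so '&', '+' or non-ASCII
        # characters in a name cannot break the query string.
        url = "%s/access/remote/?%s" % (settings.ZENDESK_URL, urlencode({
            'name': u.profile.name(),
            'email': u.email,
            'external_id': u.username,
            'timestamp': timestamp,
            'hash': hash,
        }))

        return HttpResponseRedirect(url)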

What’s different — or why am I making this post:

  • Use u.get_full_name() rather than the appends with the spaces; in my case I've got another object hanging out (profile) which contains the user's name.
  • Use the django username as the external_id — I thought about using user.id, but since username should be unique and fairly inflexible that's a good approximation.
  • Use a join rather than a whole bunch of "%s%s%s%s"; no formatting needed…

Finally, the big rant: the original code used a bunch of formatted prints to build the URL argument. If you've been handed a language with libraries like Python and a framework like Django, you don't think about cross-site scripting or other breakages (an & in the username), which are going to cause problems. It's trivial to use urlencode to avoid these problems.
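The breakage described above, as an added example that is not code from the original post: the same signed parameters are built once with string formatting and once with urlencode, then parsed and re-checked. The `receive` function is a hypothetical stand-in for the receiving side, not Zendesk's code, and the base URL, token and sample user are constructed.

```python
from hashlib import md5
from urllib.parse import urlencode, parse_qs

# Constructed sample values (assumptions, not from the post).
BASE = "https://support.example.invalid"
TOKEN = "constructed-shared-secret"
FIELDS = ("name", "email", "external_id", "timestamp")


def sign(values, token=TOKEN):
    """MD5 over name + email + external_id + token + timestamp, as in the post."""
    name, email, external_id, timestamp = (values[f] for f in FIELDS)
    data = "".join((name, email, external_id, token, timestamp))
    return md5(data.encode("utf-8")).hexdigest()


def build_formatted(values):
    """String-formatted query: values are pasted in unescaped."""
    query = "name=%s&email=%s&external_id=%s&timestamp=%s" % tuple(
        values[f] for f in FIELDS)
    return "%s/access/remote/?%s&hash=%s" % (BASE, query, sign(values))


def build_urlencoded(values):
    """urlencode-built query: every value is percent-encoded."""
    params = dict(values, hash=sign(values))
    return "%s/access/remote/?%s" % (BASE, urlencode(params))


def receive(url, token=TOKEN):
    """Hypothetical receiver: parse the query string and recheck the hash."""
    parsed = {k: v[0] for k, v in parse_qs(url.split("?", 1)[1]).items()}
    return parsed, parsed.get("hash") == sign(parsed, token)


# Constructed user whose name and email contain query-string metacharacters.
SAMPLE = {
    "name": "Tom & Jerry Ltd",
    "email": "alice+support@example.com",
    "external_id": "tomjerry",
    "timestamp": "1300000000",
}

if __name__ == "__main__":
    for build in (build_formatted, build_urlencoded):
        parsed, ok = receive(build(SAMPLE))
        print(build.__name__, "hash ok:", ok,
              "name:", repr(parsed["name"]), "email:", repr(parsed["email"]))
```

With the formatted URL the name is cut at the `&` and the `+` in the email is decoded as a space, so the recomputed hash no longer matches; the urlencoded URL round-trips unchanged.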