miércoles, 27 de enero de 2016

Django, where are the INSTALLED_APPS saved? How to debug them?

This is a brief comment about where are the django INSTALLED_APPS installed.

So basically when you are installing a new app that you are planning to us, django-undriendly for example, it can be installed with easy install with follow premises:

a) You have to execute it in the virtual environment (virtualenv) of your project
b)  do not execute easy_install with sudo.

Now, where are the INSTALLED_APPS?

For example , mi virtual environment is located at:


then the INSTALLED_APPS are at:


There you are!!!

Ok, now a little tip. You probably want to debug the INSTALLED_APPS cause there is a bug or they are not doing something you want to. 

Inside that directory are couple of subdirectories: EGG-INFO  unfriendly

EGG-INFO has the dependencies, package info, name of the APP, etc.

'unfriendly' has  views.py and all the APP views, you can add traces like: print "THIS IS MY TRACE MESSAGE" 

P.S.  Do you want to hear some music from the animalflag band?

martes, 26 de enero de 2016

Setting up django-unfriendly with examples

Here we go one more time. This is a guide that extends the documentation of django-haystack and some troubleshooting.

Fitst things first, visit the "Read the docs" first.

github: https://github.com/tomatohater/django-unfriendly

Ok, so follow is the same "Read the docs", but with comments and some more examples, my comments are in bold blue.



The unfriendliest urls in town! django-unfriendly is a Django app that obfuscates urls and allows your application to natively execute the original view.
https://travis-ci.org/tomatohater/django-unfriendly.png?branch=master https://coveralls.io/repos/tomatohater/django-unfriendly/badge.png?branch=master https://badge.fury.io/py/django-unfriendly.png
There is lots of talk about SEO friendly urls. The trend is towards more and more human readable information in your urls and Django makes it easy to create urls like:
But sometimes urls can give too much away. This is where django-unfriendly comes in.
django-unfriendly provides a template filter that obfuscates urls in your templates, and a url handler/view that deobfuscates and executes the original view (e.g. no redirection).


Perhaps you have a Django application with readable information in urls such as:
# original url
And you don't want nosy people trying to guess other urls:
# user guesses another url (that likely exists)
You can obfuscate the url which might look like:
# obfuscated url
Which will show the same response as the original url.


  1. The application must be completely transparent... Obfuscated urls should behave exactly like the original url. HTTP responses should be indistinguishable.
  2. The original url must never be exposed (no redirect).
  3. Tampering with the obfuscated url should be difficult. A tampered url should return a 404 - Page not found error.
  4. Obfuscated urls should be idempotent and may be safely cached. Or at least as cachable as the original url.


  1. Install the django-unfriendly package:
    # with pip
    pip install django-unfriendly
    # or with easy_install
    easy_install django-unfriendly
  2. The only dependency is pycrypto. Make sure it's installed:
    # with pip
    pip install pycrypto
    # or with easy_install
    easy_install pycrypto
  3. Add unfriendly to your INSTALLED_APPS:
  4. Add unfriendly.urls to your urls.py:
    urlpatterns = patterns('',
        url(r'^u/', include('unfriendly.urls')),


Load the tag library into any templates where you want to use django-unfriendly:
{% load unfriendly_tags %}
Then apply the obfuscate filter to any url you'd like to hide:
<a href="{{ "/music/awesome/the-melvins/"|obfuscate }}">Melvins awesome</a>
Django would accept an href like: 
<a href="/music/awesome/the-melvins">Register Actor</a>

(notice that the last forward slash is missed '/')

However unfriendly with fail (with a blank page-no-error) with the missed forward slash, like:
<a href="{{"/music/awesome/the-melvins"|obfuscate}}">     <<<<-- No last forward slash

Unfriendly instead requires the forward slash, like:
<a href="{{"/music/awesome/the-melvins/"|obfuscate}}">

Or with {% url view %} reversal:
{% url path.to.view as melvins_url %}
<a href="{{ melvins_url|obfuscate }}">Melvins awesome</a>
If SEO is still important to you, you can pass some SEO juice to the filter:
<a href="{{ melvins_url|obfuscate:"King Buzzo rocks" }}">Melvins awesome</a>


The following may be added to your setting.py to customize the behavior of this app.

    • default: True
    • Enables the template filter. When False, template filter returns original unaltered URL.

    • default: SECRET_KEY (well, first 32 bytes of it)
    • Random key used for encryption/decryption. Note: AES keys must be either 16, 24, or 32 bytes long.
    • default: SECRET_KEY (well, first 16 bytes of it)
    • Initial vector required by AES cipher. Note: AES initial vector must be 16 bytes long
    • default: True
    • Determines whether or not the decrypted data is validated against a crc checksum to detect tampering.

Add this to: yoursite/settings.py

#AES UNFRIENDLY_SECRET key must be either 16, 24, or 32 bytes long
#Initialization Vector is 16 bytes long, and has to be chanced in production vs dev
UNFRIENDLY_IV = 'g#revg3#*xw9j67h"

P.S. In the festivals it is common to see flags everywhere!