These are chat archives for mirumee/saleor

15th
Aug 2018
Saqib khan
@saqibkhan2523
Aug 15 2018 01:18
[Wed Aug 15 01:09:17.240064 2018] [wsgi:error] [pid 14328:tid 140275526600448] [remote 39.53.22.238:27753] mod_wsgi (pid=14328): Target WSGI script '/home/ubuntu/ecom/$
[Wed Aug 15 01:09:17.240110 2018] [wsgi:error] [pid 14328:tid 140275526600448] [remote 39.53.22.238:27753] mod_wsgi (pid=14328): Exception occurred processing WSGI scr$
[Wed Aug 15 01:09:17.240269 2018] [wsgi:error] [pid 14328:tid 140275526600448] [remote 39.53.22.238:27753] Traceback (most recent call last):
[Wed Aug 15 01:09:17.240291 2018] [wsgi:error] [pid 14328:tid 140275526600448] [remote 39.53.22.238:27753]   File "/home/ubuntu/ecom/saleor/saleor/wsgi/__init__.py", l$
[Wed Aug 15 01:09:17.240296 2018] [wsgi:error] [pid 14328:tid 140275526600448] [remote 39.53.22.238:27753]     from django.core.wsgi import get_wsgi_application  # noqa
[Wed Aug 15 01:09:17.240310 2018] [wsgi:error] [pid 14328:tid 140275526600448] [remote 39.53.22.238:27753] ImportError: No module named 'django'
This is the error from my error.log file. It says there is no django module, but it is installed. Why is wsgi not able to access it?
Николай Инкогнито
@mmmsvit_gitlab
Aug 15 2018 12:35
Guys, can you answer please, maybe you know: I need public unique user data, but not name, email, etc. I need something like a token. Is it secure to make the user token public for all? account_user.token?
Joshua Fialkoff
@jfialkoff
Aug 15 2018 14:05
@saqibkhan2523 Sounds to me like you're running wsgi outside your virtual environment in which case it won't have access to the python packages you installed there. That sound possible?
@mmmsvit_gitlab I believe the best available at the moment is user.id. You can also make a hash out of that ID or modify the code to create a user token.
Николай Инкогнито
@mmmsvit_gitlab
Aug 15 2018 17:32
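@jfialkoff thanks, I do:
def uid(self) -> str:
    """
    Little crypt user token for public
    :return: crypted token str
    """
    def swap(s, i, j):
        # Exchange the characters at positions i and j (assumes i < j).
        return ''.join((s[:i], s[j], s[i + 1:j], s[i], s[j + 1:]))
    # Reverse the token's string form, then swap the characters at indices 1 and 3.
    return swap(str(self.token)[::-1], 1, 3)
But I still want to understand: is it safe to make the token public or not?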
Joshua Fialkoff
@jfialkoff
Aug 15 2018 17:41
If you want to translate the token back into an ID (e.g., to access the product via a URL), you either need to use a 2-way hash or store the token in the DB. If you're trying to enhance security, I recommend generating random strings to associate with each item, and storing those strings in the DB. You'll need to add a field to Product (or whatever model you're trying to access this way) to store the token.
Николай Инкогнито
@mmmsvit_gitlab
Aug 15 2018 17:47
I'll try to explain: I am creating a shop where all customers can make comments, for example, but anonymously; this is very important.
Joshua Fialkoff
@jfialkoff
Aug 15 2018 17:48
What's the token for?
Николай Инкогнито
@mmmsvit_gitlab
Aug 15 2018 17:49
And to identify a user I need some user ID, but not a simple number. A token is perfect! But I have a little question: is it secure to make user.token public or not?
Joshua Fialkoff
@jfialkoff
Aug 15 2018 17:54
What is your security concern?
Николай Инкогнито
@mmmsvit_gitlab
Aug 15 2018 18:03
I use Google auth for customer auth and standard email+password for superuser auth. For customers I need a public token (or something similar to a token, accessible to all). I need to know: is a public user token secure or not? (Sorry for my poor English, I'm from Ukraine.)
Joshua Fialkoff
@jfialkoff
Aug 15 2018 18:07
No worries. So a user ID won't mean anything to a third party except for the information you give them, or if they break into the Database. A token is a bit more secure. Consider a url like /send-message/5/. The 5 here is a user ID. If you forgot to properly secure this endpoint, someone could write a script to send a spam message to everyone by simply iterating through integers: /send-message/1/, /send-message/2/, /send-message/3/, ...
If you used a token, this URL would look like /send-message/2oihgoie24898ifhjo239e8f/. 2oihgoie24898ifhjo239e8f in this case is the token.
Because this is randomly generated, it's a lot harder to guess.
If that's what you're after, I'd generate unique IDs using this library: https://docs.python.org/2/library/uuid.html
Then you store those IDs in the database.
Николай Инкогнито
@mmmsvit_gitlab
Aug 15 2018 18:10
The token will be used only for: our winner is user token: x-x-x-x-x-x...... without a user page accessed from the token
The token won't be part of any URL
just a message
Joshua Fialkoff
@jfialkoff
Aug 15 2018 18:11
Let's say that it won't hurt but I don't think you're making anything any more secure
And if this is your use case, it makes more sense to me that you let users choose a username
"Our winner is <username>"
Николай Инкогнито
@mmmsvit_gitlab
Aug 15 2018 18:15
This is needed for random.org
A username can't be used, only something autogenerated
This is required for my project
Joshua Fialkoff
@jfialkoff
Aug 15 2018 18:16
Gotcha. That's fine
So, yea, it certainly won't hurt, and I can see some ways that it makes the system more secure.
Ultimately, it seems like it's a requirement for your project. So, it doesn't really matter whether it's more secure or not, right?
Николай Инкогнито
@mmmsvit_gitlab
Aug 15 2018 18:19
Right, I just worry: if I publish the tokens, can someone hack using the public tokens?
Joshua Fialkoff
@jfialkoff
Aug 15 2018 18:19
They'll only mean something to someone that has access to your DB or backend
Or if you have an endpoint for your application that uses the token somehow without checking permissions
Like the URL above
Николай Инкогнито
@mmmsvit_gitlab
Aug 15 2018 18:24
Thanks for the help! I understand!
Joshua Fialkoff
@jfialkoff
Aug 15 2018 18:25
You're welcome. Good luck!
Николай Инкогнито
@mmmsvit_gitlab
Aug 15 2018 18:26
you too)
Lebzanwa
@Lebzanwa
Aug 15 2018 18:32
Hi, guys. I'm trying to develop a retail eCommerce site with Saleor's help. I'm trying to create something like (e.g.) Instacart around my area. Is it possible? What should I look for? Tools that can help me to develop? Please advise me... Thanks.
Николай Инкогнито
@mmmsvit_gitlab
Aug 15 2018 18:32
what is Instacart?
Joshua Fialkoff
@jfialkoff
Aug 15 2018 18:35
@Lebzanwa Sounds to me like you just need to spend some time looking at the code, and playing with the software. You should be able to answer your own questions.
Николай Инкогнито
@mmmsvit_gitlab
Aug 15 2018 18:35
I'm from Ukraine, I don't know this service. So can you explain which points you need to develop?
Lebzanwa
@Lebzanwa
Aug 15 2018 18:36
@jfialkoff alright. Thanks
Saqib khan
@saqibkhan2523
Aug 15 2018 18:50
@jfialkoff I followed this guide: https://www.digitalocean.com/community/tutorials/how-to-serve-django-applications-with-apache-and-mod_wsgi-on-ubuntu-16-04
I ran the project mentioned in this guide and django was running. After that I just replaced directory paths with that of saleor's and my virtual env.
Joshua Fialkoff
@jfialkoff
Aug 15 2018 18:52
Yea, I just finished getting Saleor up on DO. It wasn't easy. Were you successful?