Handle POST requests in views (sent by users)

I’m building a site where users can submit responses in JSON to a URL/view, and Django will read the body and check if it is the required body (evaluating answers).

I found this approach to be more suitable for DRF (Django Rest Framework); however, my site is built using Django and cookiecutter-django. Is there any way that this flow can be achieved with Django?

Here is a description of what I want to achieve:

  • I define a URL for handling submissions in urls.py
  • The view associated with the URL handles POST requests sent by the user using Postman, etc.
  • The view checks if the user is authenticated (this is where I’m confused; I’m using django-allauth for auth, can I generate access tokens for a user and validate them?)
  • If the request body matches the required body, update the score associated with a user.

I would not like to use forms as an interface for submitting answers.

It’s my first time using Django, so I’m open to any ideas!

No problem.

I don’t necessarily agree with this. I do a lot with JSON requests being processed by views without ever touching DRF. Depending upon what you need to do with those requests, DRF may not be the best option. (<opinion> DRF is most suited where there’s a very close relationship between the requests and the models. When there’s little or no relationship between those two, there’s much less value in DRF. </opinion>)

If your users are currently authenticating through the site, they should have a sessionid cookie that is being sent with each request. Django uses that cookie to associate the request with a user. As long as that cookie is included in your POST, you’re ok.

Not a problem - especially since you’re submitting JSON data and not HTML form data.

Thanks! I’m confused about how I should expose the cookies to the user. I want the view to display a URL like this:

Post your solution to: /<problem-id>/solve

If the view at /<problem-id>/solve can handle the request, how do I verify that it is the user and update the score accordingly?

I was thinking of retrieving some sort of access token associated with the user through django-allauth, and display it to the view like this:

Post your solution to: /<problem-id>/solve?access_token=<token>

I couldn’t find a way to utilize/retrieve access tokens using django-allauth. I’m using cookiecutter-django as my base, if that helps. I’m not planning on editing the auth logic for now, and would like to keep it as it is for now.

If the user has previously authenticated, they have the cookie. You don’t need to “expose” anything. The browser is going to include that in every post.

Yes, but for now it’s guaranteed that the user posts a request through their scripts/programs (Python, JS, etc.), where the user is expected to construct a POST request.

The dashboard/problems would be rendered through views. Since the cookie resides in the browser, can Django verify whether the POST request (without the cookie) made to the view is coming from the current user?

If I misunderstood something, please feel free to correct me! :smiley:

You are correct, it cannot.

About the best you might be able to do is expose the sessionid in the browser session, and have the user copy that id to their script.
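The exchange this thread arrives at, as an added example that is not from any of the posters: a script sends the JSON answer with the sessionid cookie copied from the browser, and a plain-Python stand-in for the view maps that cookie to a user before scoring. The session table, answer key and function names are constructed for illustration; in Django the session middleware does the lookup and the view reads request.user, and a copied sessionid is a bearer credential for the whole account.

```python
import json
from http.cookies import SimpleCookie
from urllib.request import Request

# Constructed sample data (assumptions, not from the thread).
SESSIONS = {"constructed-session-id-123": "alice"}  # sessionid -> username
EXPECTED = {7: {"answer": 42}}                      # problem id -> required body
SOLVED = {}                                         # username -> solved problem ids


def build_submission(base_url, problem_id, answer, sessionid):
    """Client side: JSON POST carrying the sessionid copied from the browser."""
    return Request(
        f"{base_url}/{problem_id}/solve",
        data=json.dumps(answer).encode(),
        headers={"Content-Type": "application/json",
                 "Cookie": f"sessionid={sessionid}"},
        method="POST",
    )


def handle_submission(problem_id, cookie_header, body):
    """Server side: authenticate by cookie first, then parse, then score."""
    morsel = SimpleCookie(cookie_header or "").get("sessionid")
    user = SESSIONS.get(morsel.value) if morsel else None
    if user is None:
        return 401, {"error": "not authenticated"}
    try:
        submitted = json.loads(body)
    except ValueError:  # covers invalid JSON and undecodable bytes
        return 400, {"error": "body is not valid JSON"}
    if problem_id not in EXPECTED:
        return 404, {"error": "unknown problem"}
    correct = submitted == EXPECTED[problem_id]
    if correct:
        # A set makes a replayed correct answer count only once.
        SOLVED.setdefault(user, set()).add(problem_id)
    return 200, {"correct": correct, "score": len(SOLVED.get(user, ()))}


def submit(req, problem_id):
    """Hand the client's request to the handler without touching the network."""
    return handle_submission(problem_id, req.get_header("Cookie"), req.data)
```

In a real Django project a script-built POST like this also has to satisfy the CSRF middleware, either by sending the CSRF token or by the view being explicitly exempted.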