zapier / django-rest-hooks Goto Github PK

With the release of Django 1.8 (at the time of this writing), Django 1.6 has reached end-of-life.

https://www.djangoproject.com/weblog/2015/apr/01/release-18-final/

Since, django-rest-hooks does not currently support Django 1.7 or higher, continued usage of this 3rd library might become integration prohibitive.

I was looking for django apps for web hooks when I found this project. I find it useful but I was wondering why you need a user field/property/attribute on the model to hook it. I understand you use it to filter and trigger hooks. I just don't get the reasoning.

If you have two hooks

Hook(
    user=jrrtolkien,
    event='book.created',
    target='http://example.com/target1'
).save()
Hook(
    user=grrmartin,
    event='book.created',
    target='http://example.com/target2'
).save()

when a new book is created

Book(
    user=jrrtolkien,
    title='The Two Towers',
    pages=327,
    fiction=True
).save()

only the user jrrtolkien will get a notification. Which means a user cannot "subscribe" events related to other users (grrmartin won't know jrrtolkien wrote a new book).
Am I wrong?

It's really annoying because every time we change our hooks it asks for a new migration. It would not be a problem if we can generate this migration inside our application, but it's being generated inside the rest_hooks package library itself. Anyone with the same problem? Using Django v1.8.3 here.

Another compatibility ticket! Tests fail in Django 1.8+ with the following error:

Traceback (most recent call last):
  File "runtests.py", line 44, in <module>
    django.setup()
  File "/Users/briankung/Envs/django-rest-hooks/lib/python3.4/site-packages/django/__init__.py", line 18, in setup
    apps.populate(settings.INSTALLED_APPS)
  File "/Users/briankung/Envs/django-rest-hooks/lib/python3.4/site-packages/django/apps/registry.py", line 85, in populate
    app_config = AppConfig.create(entry)
  File "/Users/briankung/Envs/django-rest-hooks/lib/python3.4/site-packages/django/apps/config.py", line 86, in create
    module = import_module(entry)
  File "/Users/briankung/Envs/django-rest-hooks/lib/python3.4/importlib/__init__.py", line 109, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 2254, in _gcd_import
  File "<frozen importlib._bootstrap>", line 2237, in _find_and_load
  File "<frozen importlib._bootstrap>", line 2224, in _find_and_load_unlocked
ImportError: No module named 'django_comments'

Specifically, tests fail in 1.8.0, 1.8.4, and 1.8.7, and pass with 1.7.7 and 1.7.11.

We're working on a conda recipe for this package at conda-forge/staged-recipes#823 and we're wondering what version of the BSD license specifically (2-Clause or 3-Clause) you're using?

Hi!

We've been thinking about our shiny new RestHooks and thought that it would be neat if there was another column in the Hooks table that let you define an option "template" for the hook data if the hook destination needed it in an alternative format.

Very Simple example. Say I have this normal hook response defined in serialize_hook, but the data destination is expecting "phone_number" instead of "from_number":

data  = {
   'from_number': self.from_number
}

With hook templates I could change that to:

{
    'phone_number': {from_number}
}

Thoughts?

-Lyle

Provide an AbstractHook abstract model class that could be easily implemented in the local Django project to support all kind of customizations.

This would also require a settings to override the default usage of the Hook model to retrieve the proper Hook objects from the custom model.

Because of the last two params on this line here: https://github.com/zapier/django-rest-hooks/blob/master/rest_hooks/models.py#L88 if you want to use a celery task to move the processing to an async task with celery you are forced to use pickle for task serialization which is bad: http://docs.celeryproject.org/en/latest/faq.html#isn-t-using-pickle-a-security-concern

Given the payload is the json serialized object, do we need to pass through the instance? Also, if the hook must be passed in, could it be hook.id?

Django 2.0 is now available https://www.djangoproject.com/weblog/2017/dec/02/django-20-released/

django-rest-hooks cannot be used with Django 2.0 at the moment:

[...]
lib/python3.6/site-packages/rest_hooks/models.py", line 43, in AbstractHook
    user = models.ForeignKey(AUTH_USER_MODEL, related_name='%(class)ss')
TypeError: __init__() missing 1 required positional argument: 'on_delete'

From https://docs.djangoproject.com/en/2.0/releases/2.0/#features-removed-in-2-0:

The on_delete argument for ForeignKey and OneToOneField is now required in models and migrations.

A value need to be set for on_delete on the user ForeignKey of the AbstractHook
model: https://github.com/zapier/django-rest-hooks/blob/master/rest_hooks/models.py#L43

@avelis any input on what should be a safe default value? CASCADE?

Linked with #22

The following commit django/django@5bc3123 breaks unit test test_signal_emitted_upon_success in test class rest_hooks.tests.RESTHooksTest.

Research will have to be looked into in how to rectify the discrepancy.

Potential solution: Force ordered dict into a regular dictionary in Hook.seralize_hook: https://github.com/zapier/django-rest-hooks/blob/master/rest_hooks/models.py#L66

Ideally raw_custom_event would share more logic with the other event types. Specifically the HOOK_FINDER setting /find_and_fire_hook.

For additional background, my particular use case is creating a set of admin hook subscriptions. I want admins to get webhook notifications for events on any user (basically the + option for all hook types). If there is a preferred way to go about this, I'd love to hear any input. Otherwise, what are the thoughts on integrating HOOK_FINDER into raw_custom_event?

The tests seem to be passing just fine with Python 3 and Django 1.7.7. I'm not sure if this means that it is compatible with Python3, however. Is it python3 compatible?

Hi!

We're implementing this and noticed that if you update a ManyToMany field, the "updated" event is triggered, but the reference to the ManyToMany field in the serialize_hook method does not contain the updated values for the ManyToMany field.

Any advice?

-Lyle

I noticed that hooks with the "+" option were not being triggered for all users as I'd expected from the documentation - at least, not reliably.

From the documentation:

If you want a Hook to be triggered for all users, add '+' to built-in Hooks or pass user_override=False for custom_hook events

However, in utils.py, user_override looks like it is set to True if there is a plus sign: https://github.com/zapier/django-rest-hooks/blob/master/rest_hooks/utils.py#L82

            if model == maybe_model and action == maybe_action[0]:
                event_name = maybe_event_name
                if len(maybe_action) == 2:
                    user_override = True

    if event_name:
        find_and_fire_hook(event_name, instance, user_override=user_override)

In find_and_fire_hook, meanwhile, user_override=True is not accounted for:

    if user_override is not False:
        if user_override:
            filters['user'] = user_override
        elif hasattr(instance, 'user'):
            filters['user'] = instance.user
        elif isinstance(instance, User):
            filters['user'] = instance
        else:
            raise Exception(
                '{} has no `user` property. REST Hooks needs this.'.format(repr(instance))
            )

       # ...comments...

    hooks = Hook.objects.filter(**filters)
    for hook in hooks:
        hook.deliver_hook(instance)

Setting filters['user'] = user_override results in filters['user'] = True. This means that Hook.objects.filter(**filters) will filter for user=True. I was very confused what that meant - I thought it reasonable to assume that it would might be equivalent to user__isnull=False, but the actual result is stranger. I tested it with a few of our own models.

It turns out that if you ask for SoAndSoModel.objects.filter(related_object=True), Django casts related_object=True to related_object_id=1 and related_object=False to related_object_id=0 in the query.

pprint(connection.queries)
# For SoAndSoModel.objects.filter(related_object=True)
[{'sql': 'SELECT "thing_SoAndSoModel"."id", '
         # ...
         'WHERE "thing_SoAndSoModel"."related_object_id" = 1 LIMIT 21',
  'time': '0.004'},

# For SoAndSoModel.objects.filter(related_object=False)
 {'sql': 'SELECT "thing_SoAndSoModel"."id", '
         # …
         'WHERE "thing_SoAndSoModel"."related_object_id" = 0 LIMIT 21',
  'time': '0.001’}]

Which means that rest_hooks is only returning hooks where user_id=1.

That's my theory, anyway. If I have a moment later, I'll write a test to confirm.

simplejson is deprecated in Django 1.6. This repo imports simplejson which results in warnings:
https://github.com/zapier/django-rest-hooks/search?utf8=%E2%9C%93&q=simplejson

Please update!

I see some indicators that this project may no longer be maintained. I am considering incorporating this into our code base and I wanted to know if it would be possible to get some sort of confirmation from Zapier that there is an intention to maintain this project over the long term.

It appears that JIRA integration may be 'broken' which is preventing tests from passing and/or interested maintainers from merging PRs (see #67 and #68).

Any comment from Zapier on this would be greatly appreciated.

@bryanhelmig @bcooksey

The built in Signals (in models.py) don’t work with a custom Hook model because they are hard coded to use the built in model.

Seems like the right way to handle this is to add an optional setting pointing to the custom model, and then use the value of that setting instead of hardcoded references to models.Hook.

Hi Guys!

We're very interested in implementing this to make our Zapier integration snappier!

We have a couple of "brainstorming" question:
Because our system is dealing with phone calls that could be in various states, we only want to trigger events for things with a status of "completed". We wouldn't want the obj.created hook to trigger until the call actually completes.

I'm assuming the only way to do this is to manually fire the obj.created hook when the status of the call changes to "completed". Is that the best way? Is there some way to possibly filter when obj.updated hooks are sent through this API?

Thanks,
Lyle

The sample code for the Django REST Framework in the README uses webhooks naming. This seems conceptually confusing, since the whole point here is to use REST hooks instead of just web hooks, right?

https://github.com/zapier/django-rest-hooks/blob/master/rest_hooks/utils.py#L8 needs updating to:

try:
    from importlib import import_module
except:
    from django.utils.importlib import import_module

I am trying to building something similar to the webhooks available for GitHub organizations.

I note that GitHub binds its hooks to their organization model i.e. send me all status updates of things within this organization.

I don't see any affordance for this functionality here, is that the case, is it worth adding? I think this is particularly useful combined with user overriding +, or at least I think that's what I want to be doing.

When Zapier POSTs to my /api/v1/hooks/ uri, it sends this as the data...

{"subscription_url": "https://zapier.com/hooks/standard/1453504/8a7907ee05a54e68be99bcdc969155c6/", "target_url": "https://zapier.com/hooks/standard/1453504/8a7907ee05a54e68be99bcdc969155c6/", "event": "entry.created"}

To create a Hook Resource you need to provide user, event, and target.

The target is specified but it is target_url not target. (It also appears to be in subscription_url)

So the new resource is created but the target field is empty.

I realize I can just overwrite my Hook Resource's obj_create method and map target_url to target but it seems that these key names should match up. :)

Is my understanding correct?

I think django-rest-hooks would be a good fit for a project I'm working on but would like to be sure before I head down the path of using it.

I have a django rest framework serializer already working from a view input.

I'd like to have this done as a scheduled event rather than manually.

1. read JSON data in using requests to get a list of imdb ids and showtimes from our POS system
2. serializer would then add the films into django.

Is this a good fit?

travis can't publish new versions on PyPI:
https://travis-ci.org/zapier/django-rest-hooks/jobs/532372176#L796

HTTPError: 400 Client Error: User 'bryanhelmig' does not have a verified primary email address. Please add a verified primary email before attempting to upload to PyPI. See https://pypi.org/help/#verified-email for more information.for more information. for url: https://upload.pypi.org/legacy/

@avelis , @bryanhelmig Can someone fix this?

While trying to install the lib:

Could not find a version that satisfies the requirement django-rest-hooks==1.6.0 (from -r /opt/app/setup/base_requirements.txt (line 152)) (from versions: 1.0.4, 1.0.5, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.2.2, 1.3.0, 1.3.1, 1.4.0, 1.4.3, 1.5.0)

Hi.
Using this package, I developed simple project that send notification to client.
In other words, a user created a book, and then someone updated it.
Then origin user received notification "Someone changed your book.".
But in your doc, there is no way to receive data made by target url.
Help.

Not sure if there is a better standard practice but using the webhooks I've noted that I need to setup an open POST hook endpoint on the server receiving the webhooks without any security. As a result anyone can send a webhook to me and I'd have to blindly accept it.

Another webhook system I've used would encrypt the request body using a shared secret created when setting up the webhook. That way no one could send a webhook unless they knew the shared secret.

I'd propose a method of adding a shared secret to this package - as an option in settings.

If the setting is present we add a new field to the AbstractHook and in the deliver_hook method we can encrypt the payload.

This could be done as a customisation but I reckon it adds more value as part of this package - it should be a common use case as open ended hook endpoints are not great.

Happy to make the contribution unless it's not wanted/there is a better practice.

I see the dev requirements are no covering Django 1.10?
Any plan to support this? and beyond?

If you want a Hook to be triggered for all users, add '+' to built-in Hooks

IMO that needs to be emphasized in the docs more clearly. Has serious potential for accidental misuse given the examples shown.

If requests.Sessions are used instead of the module level methods, then the client will automatically take advantage of connection pooling.

Relatedly, requests_futures also provides a FutureSession which would make the threaded client unnecessary.

I am implementing a webhook-like system, and your library looks to fit the bill – however, I need to define hooks on the fly – they're based on statuses stored in the database that the users/admins can customise – just wondering why you require settings be defined in advance in settings.py, and what problems I'd run into ripping out that validation.

Similar to issue #33 I'm interested in this project but need send webhooks based on an object belonging to a group and not just a user.

By the look of this we could do it by adding a group property to the AbstractHook model. Making both user and group optional but that at least one must be filled.

And then amending the find_and_fire_hook function to look for groups as well.

I can set up a fork to get this working. Would you be interested in merging it in if I do? Or should I roll my own version?

I´ll start by asking. Is it possible? I couldn't´t found a way to do that. I´ll explain what:

I have a model, say A with fields a, b, c. An instance of this model will be modified at some point. I would like to be able to set up a hook so it is only fired when field a or b are modified.

Is it possible to accomplish using current version? if not, it would be a good enhancement.

Greetings, and keep up the good work.

I have followed the documentation and to be honest I am a bit lost. I wanted to test a simple event where the user logs in an a query is sent to a server.

I have registered my hooks

HOOK_EVENTS = {
    # 'any.event.name': 'App.Model.Action' (created/updated/deleted)
    'user.logged_in':       'django.contrib.auth.models.User.created+',
    'user.added':       'django.db.models.signals.pre_save+',
    'user.changed':       'django.db.models.signals.pre_save+'
}

They are visible in django admin and I added the actions in the database. The request is not being sent however, what I'm I missing?