[Answered ]-Generate PDF of Protected Django Webpage with Attachments

by

2πŸ‘

βœ…

I got it working! Through a combination of PyPDF2 and pdfkit, I got this to work pretty simply. It works on protected pages because django takes care of getting the complete html as a string, which I just pass to pdfkit. It also supports appending attachments, but I doubt (though I haven’t tested) that it works with anything other than pdfs. 

from django.template.loader import get_template
from PyPDF2 import PdfFileWriter, PdfFileReader
import pdfkit

def append_pdf(pdf, output):
    [output.addPage(pdf.getPage(page_num)) for page_num in range(pdf.numPages)]


def render_to_pdf():
    t = get_template('app/template.html')
    c = {'context_data': context_data}

    html = t.render(c)
    pdfkit.from_string(html, 'path/to/file.pdf')

    output = PdfFileWriter()
    append_pdf(PdfFileReader(open('path/to/file.pdf', "rb")), output)

    attaches = Attachment.objects.all()

    for attach in attaches:
        append_pdf(PdfFileReader(open(attach.file.path, "rb")), output)

    output.write(open('path/to/file_with_attachments.pdf', "wb"))
πŸ‘€Nealon

1πŸ‘

If you just want to secure it, you could write a custom Authentication Backend that lets your server spoof users. Way over-kill but it would solve your problem and at least you get to learn about custom auth backends! (Note: You should be using HTTPS.)

https://docs.djangoproject.com/en/1.11/topics/auth/customizing/#writing-an-authentication-backend

  1. Create auth backend in app/auth_backends.py
  2. Add app.auth_backends.SpoofAuthBackend backend to settings.py that takes a shared_secret and user_id.
  3. Create a URL route like url(r'^spoof-user/(?P<user_id>\d+)/$', 'app.views.spoof_user', name="spoof-user")
  4. Add the view spoof_user that must invoke both django.contrib.auth.authenticate (which invokes backend in #1 above) and after getting user from authenticate(...) you pad the request with the user django.contrib.auth.login(request, user). Finally, this view should return HttpResponseForbidden if the shared secret is wrong or HttpResponseRedirect to the PDF URL you actually want (after logging in to spoof user programmatically via authenticate and login).

You would probably want to create a random secret key each request using something like cache.set('spoof-user-%s' % user_id, RANDOM_STRING, 30) which persists shared secret for 30 seconds to allow time for request. Then perform pdf_response = requests.get("%s?shared_secret=1a2b3c&redirect_uri=/path/to/pdf/" % reverse('spoof-user', kwargs={'user_id': 1234})). Your new view will test the provided shared_secret in auth backend, login user to request and perform redirect to request.GET.get('redirect_uri').

πŸ‘€pztrick

-1πŸ‘

You can use pdfkit to do that. You can retrieve the page using the url and pdfkit will handle the rest:

pdfkit.from_url('http://website.com/somepage', 'somepage.pdf')

You will have to properly access the page using the appropriate headers for it is protected of course:

options = {
    'cookie': [
        ('cookie-name1', 'cookie-value1'),
        ('cookie-name2', 'cookie-value2'),
    ]
}

pdfkit.from_url('http://website.com/somepage', 'somepage.pdf')
`
πŸ‘€Al Kafri Firas

Leave a comment