Commit b49f1de2efc849b8404f28798a801ca3210fb3bd - flask-wtf

Imported Upstream version 0.5.2 SVN-Git Migration 8 years ago

13 changed file(s) with 787 addition(s) and 242 deletion(s). Raw diff Collapse all Expand all

-1

Flask_WTF.egg-info/PKG-INFO less more

0	0	Metadata-Version: 1.0
1	1	Name: Flask-WTF
2		Version: 0.3.3
	2	Version: 0.5.2
3	3	Summary: Simple integration of Flask and WTForms
4	4	Home-page: http://bitbucket.org/danjac/flask-wtf
5	5	Author: Dan Jacob

-1

Flask_WTF.egg-info/SOURCES.txt less more

11	11	docs/Makefile
12	12	docs/conf.py
13	13	docs/index.rst
	14	docs/index.rst.orig
14	15	docs/make.bat
15	16	docs/_static/flask-wtf.png
16	17	docs/_themes/README

22	23	docs/_themes/flask_small/static/flasky.css_t
23	24	flaskext/__init__.py
24	25	flaskext/wtf/__init__.py
	26	flaskext/wtf/file.py
	27	flaskext/wtf/html5.py
25	28	flaskext/wtf/recaptcha/__init__.py
26	29	flaskext/wtf/recaptcha/fields.py
27	30	flaskext/wtf/recaptcha/validators.py
28	31	flaskext/wtf/recaptcha/widgets.py
29	32	tests/__init__.py
30		tests/__init__.py.orig
31	33	tests/flask.png
32	34	tests/templates/hidden.html
33	35	tests/templates/index.html

-1

PKG-INFO less more

0	0	Metadata-Version: 1.0
1	1	Name: Flask-WTF
2		Version: 0.3.3
	2	Version: 0.5.2
3	3	Summary: Simple integration of Flask and WTForms
4	4	Home-page: http://bitbucket.org/danjac/flask-wtf
5	5	Author: Dan Jacob

-2

docs/conf.py less more

44	44	# built documents.
45	45	#
46	46	# The short X.Y version.
47		version = '0.3'
	47	version = '0.5'
48	48	# The full version, including alpha/beta/rc tags.
49		release = '0.3'
	49	release = '0.5'
50	50
51	51	# The language for content autogenerated by Sphinx. Refer to documentation
52	52	# for a list of supported languages.

+127

-5

docs/index.rst less more

37	37
38	38	form = MyForm(csrf_enabled=False)
39	39
40		Generally speaking it's a good idea to enable CSRF. There are two situations where you might not want to:
41		unit tests and AJAX forms. In the first case, switching ``CSRF_ENABLED`` to ``False`` means that your
42		forms will still work (and the CSRF hidden field will still be printed) but no validation will be done. In the
43		second, CSRF validation is skipped if ``request.is_xhr`` is ``True`` (you can't do cross-domain AJAX anyway,
44		so CSRF validation is redundant).
	40	Generally speaking it's a good idea to enable CSRF. If you wish to disable checking in certain circumstances - for
	41	example, in unit tests - you can set ``CSRF_ENABLED`` to False in your configuration.
	42
	43	NOTE: Previous to version 0.5.2, Flask-WTF automatically skipped CSRF validation in the case of AJAX
	44	POST requests, as AJAX toolkits added headers such as ``X-Requested-With`` when using the XMLHttpRequest and browsers
	45	enforced a strict same-origin policy.
	46
	47	However it has since come to light that various browser plugins can circumvent these measures, rendering AJAX requests
	48	insecure by allowing forged requests to appear as an AJAX request.
	49
	50	Therefore CSRF checking will now be applied to all POST requests, unless you disable CSRF at your own risk through the options
	51	described above.
	52
	53	A more complete description of the issue can be found `here <http://www.djangoproject.com/weblog/2011/feb/08/security/>`_.
	54
	55	One common pattern in wtforms is `enclosed forms <http://wtforms.simplecodes.com/docs/0.6.1/fields.html#field-enclosures>`_. For example::
	56
	57	class TelephoneForm(Form):
	58	country_code = IntegerField('Country Code', [validators.required()])
	59	area_code = IntegerField('Area Code/Exchange', [validators.required()])
	60	number = TextField('Number')
	61
	62	class ContactForm(Form):
	63	first_name = TextField()
	64	last_name = TextField()
	65	mobile_phone = FormField(TelephoneForm)
	66	office_phone = FormField(TelephoneForm)
	67
	68	The problem with using the ``Form`` class provided by Flask-WTF is that the class will automatically include the CSRF validation. You don't need this for every single form - just the enclosing "master" form.
	69
	70	The easiest way to do this is to just override the enclosed form constructor::
	71
	72	class TelephoneForm(Form):
	73	country_code = IntegerField('Country Code', [validators.required()])
	74	area_code = IntegerField('Area Code/Exchange', [validators.required()])
	75	number = TextField('Number')
	76
	77	def __init__(self, args, *kwargs):
	78	kwargs['csrf_enabled'] = False
	79	super(TelephoneForm, self).__init__(args, *kwargs)
	80
	81	This will disable CSRF validation for all ``TelephoneForm`` instances.
45	82
46	83	The ``CSRF_SESSION_KEY`` sets the key used in the Flask session for storing the generated token string. Usually
47	84	the default should suffice, in certain cases you might want a custom key (for example, having several forms in a

115	152	form=form,
116	153	filename=filename)
117	154
	155	It's recommended you use werkzeug.secure_filename on any uploaded files as shown in the example to prevent malicious attempts to access your filesystem.
	156
118	157	Remember to set the ``enctype`` of your HTML form to ``multipart/form-data`` to enable file uploads::
119	158
120	159	<form action="." method="POST" enctype="multipart/form-data">
121	160	....
122	161	</form>
	162
	163	Note: as of version 0.4 all FileField instances have access to the corresponding FileStorage object
	164	in request.files, including those embedded in FieldList instances.
	165
	166
	167	Validating file uploads
	168	-----------------------
	169
	170	Flask-WTF supports validation through the `Flask Uploads <http://packages.python.org/Flask-Uploads/>`_ extension. If you use this (highly recommended) extension you can use it to add validation to your file fields. For example::
	171
	172
	173	from flaskext.uploads import UploadSet, IMAGES
	174	from flaskext.wtf import Form, FileField, file_allowed, \
	175	file_required
	176
	177	images = UploadSet("images", IMAGES)
	178
	179	class UploadForm(Form):
	180
	181	upload = FileField("Upload your image",
	182	validators=[file_required(),
	183	file_allowed(images, "Images only!")])
	184
	185	In the above example, only image files (JPEGs, PNGs etc) can be uploaded. The file_required validator, which does not require Flask-Uploads, will raise a validation error if the field does not contain a FileStorage object.
	186
	187
	188	HTML5 widgets
	189	-------------
	190
	191	Flask-WTF supports a number of HTML5 widgets. Of course, these widgets must be supported by your target browser(s) in order to be properly used.
	192
	193	HTML5-specific widgets are available under the flaskext.wtf.html5 package::
	194
	195	from flaskext.wtf.html5 import URLField
	196
	197	class LinkForm():
	198
	199	url = URLField(validators=[url()])
	200
	201	See the `API`_ for more details.
123	202
124	203	Recaptcha
125	204	---------

142	221
143	222	``RECAPTCHA_OPTIONS`` is an optional dict of configuration options. The public and private keys are required in
144	223	order to authenticate your request with Recaptcha - see `documentation <https://www.google.com/recaptcha/admin/create>`_ for details on how to obtain your keys.
	224
	225	Under test conditions (i.e. Flask app ``testing`` is ``True``) Recaptcha will always validate - this is because it's hard to know the correct Recaptcha image when running tests. Bear in mind that you need to pass the data to `recaptcha_challenge_field` and `recaptcha_response_field`, not `recaptcha`::
	226
	227	response = self.client.post("/someurl/", data={
	228	'recaptcha_challenge_field' : 'test',
	229	'recaptcha_response_field' : 'test'})
145	230
146	231	If `flaskext-babel <http://packages.python.org/Flask-Babel/>`_ is installed then Recaptcha message strings can be localized.
147	232

210	295
211	296	.. autoclass:: RecaptchaWidget
212	297
	298	.. module:: flaskext.wtf.file
	299
	300	.. autoclass:: FileField
	301	:members:
	302
	303	.. autoclass:: FileAllowed
	304
	305	.. autoclass:: FileRequired
	306
	307	.. module:: flaskext.wtf.html5
	308
	309	.. autoclass:: SearchInput
	310
	311	.. autoclass:: SearchField
	312
	313	.. autoclass:: URLInput
	314
	315	.. autoclass:: URLField
	316
	317	.. autoclass:: EmailInput
	318
	319	.. autoclass:: EmailField
	320
	321	.. autoclass:: NumberInput
	322
	323	.. autoclass:: IntegerField
	324
	325	.. autoclass:: DecimalField
	326
	327	.. autoclass:: RangeInput
	328
	329	.. autoclass:: IntegerRangeField
	330
	331	.. autoclass:: DecimalRangeField
	332
	333
	334
213	335	.. _Flask: http://flask.pocoo.org
214	336	.. _Bitbucket: http://bitbucket.org/danjac/flask-wtf

+288

-0

docs/index.rst.orig less more

	0	Flask-WTF
	1	======================================
	2
	3	.. module:: Flask-WTF
	4
	5	Flask-WTF offers simple integration with `WTForms <http://wtforms.simplecodes.com/docs/0.6/>`_. This integration
	6	includes optional CSRF handling for greater security.
	7
	8	Source code and issue tracking at `Bitbucket`_.
	9
	10	Installing Flask-WTF
	11	---------------------
	12
	13	Install with pip and easy_install::
	14
	15	pip install Flask-WTF
	16
	17	or download the latest version from Bitbucket::
	18
	19	hg clone http://bitbucket.org/danjac/flask-wtf
	20
	21	cd flask-wtf
	22
	23	python setup.py develop
	24
	25	If you are using virtualenv, it is assumed that you are installing Flask-WTF
	26	in the same virtualenv as your Flask application(s).
	27
	28	Configuring Flask-WTF
	29	----------------------
	30
	31	The following settings are used with Flask-WTF:
	32
	33	* ``CSRF_ENABLED`` default ``True``
	34	* ``CSRF_SESSION_KEY`` default ``_csrf_token``
	35
	36	``CSRF_ENABLED`` enables CSRF. You can disable by passing in the ``csrf_enabled`` parameter to your form::
	37
	38	form = MyForm(csrf_enabled=False)
	39
	40	Generally speaking it's a good idea to enable CSRF. There are two situations where you might not want to:
	41	unit tests and AJAX forms. In the first case, switching ``CSRF_ENABLED`` to ``False`` means that your
	42	forms will still work (and the CSRF hidden field will still be printed) but no validation will be done. In the
	43	second, CSRF validation is skipped if ``request.is_xhr`` is ``True`` (you can't do cross-domain AJAX anyway,
	44	so CSRF validation is redundant).
	45
	46	One common pattern in wtforms is `enclosed forms <http://wtforms.simplecodes.com/docs/0.6.1/fields.html#field-enclosures>`_. For example::
	47
	48	class TelephoneForm(Form):
	49	country_code = IntegerField('Country Code', [validators.required()])
	50	area_code = IntegerField('Area Code/Exchange', [validators.required()])
	51	number = TextField('Number')
	52
	53	class ContactForm(Form):
	54	first_name = TextField()
	55	last_name = TextField()
	56	mobile_phone = FormField(TelephoneForm)
	57	office_phone = FormField(TelephoneForm)
	58
	59	The problem with using the ``Form`` class provided by Flask-WTF is that the class will automatically include the CSRF validation. You don't need this for every single form - just the enclosing "master" form.
	60
	61	The easiest way to do this is to just override the enclosed form constructor::
	62
	63	class TelephoneForm(Form):
	64	country_code = IntegerField('Country Code', [validators.required()])
	65	area_code = IntegerField('Area Code/Exchange', [validators.required()])
	66	number = TextField('Number')
	67
	68	def __init__(self, args, *kwargs):
	69	kwargs['csrf_enabled'] = False
	70	super(TelephoneForm, self).__init__(args, *kwargs)
	71
	72	This will disable CSRF validation for all ``TelephoneForm`` instances.
	73
	74	The ``CSRF_SESSION_KEY`` sets the key used in the Flask session for storing the generated token string. Usually
	75	the default should suffice, in certain cases you might want a custom key (for example, having several forms in a
	76	single page).
	77
	78	Both these settings can be overriden in the ``Form`` constructor by passing in ``csrf_enabled`` and ``csrf_session_key``
	79	optional arguments respectively.
	80
	81	In addition, there are additional configuration settings required for Recaptcha integration : see below.
	82
	83	Creating forms
	84	--------------
	85
	86	Flask-WTF provides you with all the API features of WTForms. For example::
	87
	88	from flaskext.wtf import Form, TextField, Required
	89
	90	class MyForm(Form):
	91	name = TextField(name, validators=[Required()])
	92
	93	In addition, a CSRF token hidden field is created. You can print this in your template as any other field::
	94
	95
	96	<form method="POST" action=".">
	97	{{ form.csrf }}
	98	{{ form.name.label }} {{ form.name(size=20) }}
	99	<input type="submit" value="Go">
	100	</form>
	101
	102	However, in order to create valid XHTML/HTML the ``Form`` class has a method ``hidden_tag`` which renders any
	103	hidden fields, including the CSRF field, inside a hidden DIV tag::
	104
	105	<form method="POST" action=".">
	106	{{ form.hidden_tag() }}
	107
	108	Using the 'safe' filter
	109	-----------------------
	110
	111	The safe filter used to be required with WTForms in Jinja2 templates, otherwise your markup would be escaped. For example:
	112
	113	{{ form.name\|safe }}
	114
	115	However widgets in the latest version of WTForms return a `HTML safe string <http://jinja.pocoo.org/2/documentation/api#jinja2.Markup>`_ so you shouldn't need to use safe.
	116
	117	Ensure you are running the latest stable version of WTForms so that you don't need to use this filter everywhere.
	118
	119	File uploads
	120	------------
	121
	122	The ``Form`` instance automatically appends a ``file`` attribute to any ``FileField`` field instances if the form is posted.
	123
	124	This ``file`` attribute is an instance of `Werkzeug FileStorage <http://werkzeug.pocoo.org/documentation/0.5.1/datastructures.html#werkzeug.FileStorage>`_ instance from ``request.files``.
	125
	126	For example::
	127
	128	from werkzeug import secure_filename
	129
	130	class PhotoForm(Form):
	131
	132	photo = FileField("Your photo")
	133
	134	@app.route("/upload/", methods=("GET", "POST"))
	135	def upload():
	136	form = PhotoForm()
	137	if form.validate_on_submit():
	138	filename = secure_filename(form.photo.file.filename)
	139	else:
	140	filename = None
	141
	142	return render_template("upload.html",
	143	form=form,
	144	filename=filename)
	145
	146	It's recommended you use werkzeug.secure_filename on any uploaded files as shown in the example to prevent malicious attempts to access your filesystem.
	147
	148	Remember to set the ``enctype`` of your HTML form to ``multipart/form-data`` to enable file uploads::
	149
	150	<form action="." method="POST" enctype="multipart/form-data">
	151	....
	152	</form>
	153
	154	Note: as of version 0.4 all FileField instances have access to the corresponding FileStorage object
	155	in request.files, including those embedded in FieldList instances.
	156
	157
	158	Validating file uploads
	159	-----------------------
	160
	161	Flask-WTF supports validation through the Flask-Uploads extension. If you use this (highly recommended) extension you can use it to add validation to your file fields. For example::
	162
	163
	164	from flaskext.uploads import UploadSet, IMAGES
	165	from flaskext.wtf import Form, FileField, file_allowed, \
	166	file_required
	167
	168	images = UploadSet("images", IMAGES)
	169
	170	class UploadForm(Form):
	171
	172	upload = FileField("Upload your image",
	173	validators=[file_required(),
	174	file_allowed(images, "Images only!")])
	175
	176	In the above example, only image files (JPEGs, PNGs etc) can be uploaded. The ``file_required`` validator, which does not require ``Flask-Uploads``, will raise a validation error if the field does not contain a FileStorage object.
	177
	178
	179	HTML5 widgets
	180	-------------
	181
	182	Flask-WTF supports a number of HTML5 widgets. Of course, these widgets must be supported by your target browser(s) in order to be properly used.
	183
	184	HTML5-specific widgets are available under the flaskext.wtf.html5 package::
	185
	186	from flaskext.wtf.html5 import URLField
	187
	188	class LinkForm():
	189
	190	url = URLField(validators=[url()])
	191
	192	See the API for more details.
	193
	194	Recaptcha
	195	---------
	196
	197	Flask-WTF also provides Recaptcha support through a ``RecaptchaField``::
	198
	199	from flaskext.wtf import Form, TextField, RecaptchaField
	200
	201	class SignupForm(Form):
	202	username = TextField("Username")
	203	recaptcha = RecaptchaField()
	204
	205	This field handles all the nitty-gritty details of Recaptcha validation and output. The following settings
	206	are required in order to use Recaptcha:
	207
	208	* ``RECAPTCHA_USE_SSL`` : default ``False``
	209	* ``RECAPTCHA_PUBLIC_KEY``
	210	* ``RECAPTCHA_PRIVATE_KEY``
	211	* ``RECAPTCHA_OPTIONS``
	212
	213	``RECAPTCHA_OPTIONS`` is an optional dict of configuration options. The public and private keys are required in
	214	order to authenticate your request with Recaptcha - see `documentation <https://www.google.com/recaptcha/admin/create>`_ for details on how to obtain your keys.
	215
	216	Under test conditions (i.e. Flask app ``testing`` is ``True``) Recaptcha will always validate - this is because it's hard to know the correct Recaptcha image when running tests. Bear in mind that you need to pass the data to `recaptcha_challenge_field` and `recaptcha_response_field`, not `recaptcha`::
	217
	218	response = self.client.post("/someurl/", data={
	219	'recaptcha_challenge_field' : 'test',
	220	'recaptcha_response_field' : 'test'})
	221
	222	If `flaskext-babel <http://packages.python.org/Flask-Babel/>`_ is installed then Recaptcha message strings can be localized.
	223
	224	API changes
	225	-----------
	226
	227	The ``Form`` class provided by Flask-WTF is the same as for WTForms, but with a couple of changes. Aside from CSRF
	228	validation, a convenience method ``validate_on_submit`` is added::
	229
	230	from flask import Flask, request, flash, redirect, url_for, \
	231	render_template
	232
	233	from flaskext.wtf import Form, TextField
	234
	235	app = Flask(__name__)
	236
	237	class MyForm(Form):
	238	name = TextField("Name")
	239
	240	@app.route("/submit/", methods=("GET", "POST"))
	241	def submit():
	242
	243	form = MyForm()
	244	if form.validate_on_submit():
	245	flash("Success")
	246	return redirect(url_for("index"))
	247	return render_template("index.html", form=form)
	248
	249	Note the difference from a pure WTForms solution::
	250
	251	from flask import Flask, request, flash, redirect, url_for, \
	252	render_template
	253
	254	from flaskext.wtf import Form, TextField
	255
	256	app = Flask(__name__)
	257
	258	class MyForm(Form):
	259	name = TextField("Name")
	260
	261	@app.route("/submit/", methods=("GET", "POST"))
	262	def submit():
	263
	264	form = MyForm(request.form)
	265	if request.method == "POST" and form.validate():
	266	flash("Success")
	267	return redirect(url_for("index"))
	268	return render_template("index.html", form=form)
	269
	270	``validate_on_submit`` will automatically check if the request method is PUT or POST.
	271
	272	You don't need to pass ``request.form`` into your form instance, as the ``Form`` automatically populates from ``request.form`` unless
	273	specified. Other arguments are as with ``wtforms.Form``.
	274
	275	API
	276	---
	277
	278	.. module:: flaskext.wtf
	279
	280	.. autoclass:: Form
	281
	282	.. automodule:: flaskext.wtf.file
	283
	284	.. automodule:: flaskext.wtf.html5
	285
	286	.. _Flask: http://flask.pocoo.org
	287	.. _Bitbucket: http://bitbucket.org/danjac/flask-wtf

+30

-19

flaskext/wtf/__init__.py less more

12	12	import uuid
13	13
14	14	from wtforms.fields import BooleanField, DecimalField, DateField, \
15		DateTimeField, FieldList, FloatField, FileField, FormField, \
	15	DateTimeField, FieldList, FloatField, FormField, \
16	16	HiddenField, IntegerField, PasswordField, RadioField, SelectField, \
17	17	SelectMultipleField, SubmitField, TextField, TextAreaField
18	18

24	24	from wtforms.widgets import CheckboxInput, FileInput, HiddenInput, \
25	25	ListWidget, PasswordInput, RadioInput, Select, SubmitInput, \
26	26	TableWidget, TextArea, TextInput
	27
	28	from wtforms.fields import FileField as _FileField
27	29
28	30	try:
29	31	import sqlalchemy

39	41
40	42	from jinja2 import Markup
41	43
	44	from flaskext.wtf import html5
	45
42	46	from flaskext.wtf import recaptcha
43	47
44	48	from flaskext.wtf.recaptcha.fields import RecaptchaField

49	53	widgets.RecaptchaWidget = RecaptchaWidget
50	54	validators.Recaptcha = Recaptcha
51	55
52		__all__ = ['Form', 'ValidationForm',
53		'fields', 'validators', 'widgets']
	56	from flaskext.wtf.file import FileField
	57	from flaskext.wtf.file import FileAllowed, FileRequired, file_allowed, \
	58	file_required
	59
	60	fields.FileField = FileField
	61
	62	validators.file_allowed = file_allowed
	63	validators.file_required = file_required
	64	validators.FileAllowed = FileAllowed
	65	validators.FileRequired = FileRequired
	66
	67
	68	__all__ = ['Form', 'ValidationError',
	69	'fields', 'validators', 'widgets', 'html5']
54	70
55	71	__all__ += fields.__all__
56	72	__all__ += validators.__all__

59	75
60	76	if _is_sqlalchemy:
61	77	from wtforms.ext.sqlalchemy.fields import QuerySelectField, \
62		QuerySelectMultipleField, ModelSelectField
	78	QuerySelectMultipleField
63	79
64	80	__all__ += ['QuerySelectField',
65		'QuerySelectMultipleField',
66		'ModelSelectField']
	81	'QuerySelectMultipleField']
67	82
68	83	for field in (QuerySelectField,
69		QuerySelectMultipleField,
70		ModelSelectField):
	84	QuerySelectMultipleField):
71	85
72	86	setattr(fields, field.__name__, field)
73	87

128	142	# ensure csrf validation occurs ONLY when formdata is passed
129	143	# in case "csrf" is the only field in the form
130	144
131		if not formdata:
	145	if not formdata and not request.files:
132	146	self.csrf_is_valid = False
133	147	else:
134	148	self.csrf_is_valid = None
135	149
136		if request.files:
137
138		for name, field in self._fields.iteritems():
139		if isinstance(field, FileField) and name in request.files:
140		field.file = request.files[name]
141
142	150	super(Form, self).process(formdata, obj, **kwargs)
143	151
144	152	@property

165	173	return csrf_token
166	174
167	175	def validate_csrf(self, field):
168		if not self.csrf_enabled or request.is_xhr:
	176	if not self.csrf_enabled:
169	177	return
170	178
171	179	csrf_token = session.pop(self.csrf_session_key, None)

189	197	Wraps hidden fields in a hidden DIV tag, in order to keep XHTML
190	198	compliance.
191	199
192		:versionadded: 0.3
	200	.. versionadded:: 0.3
193	201
194	202	:param fields: list of hidden field names. If not provided will render
195	203	all hidden fields, including the CSRF field.
196	204	"""
197	205
198	206	if not fields:
199		fields = [f.name for f in self if isinstance(f, HiddenField)]
	207	fields = [f for f in self if isinstance(f, HiddenField)]
200	208
201	209	rv = [u'<div style="display:none;">']
202		rv += [unicode(getattr(self, field)) for field in fields]
	210	for field in fields:
	211	if isinstance(field, basestring):
	212	field = getattr(self, field)
	213	rv.append(unicode(field))
203	214	rv.append(u"</div>")
204	215
205	216	return Markup(u"".join(rv))

+67

-0

flaskext/wtf/file.py less more

	0	from flask import request
	1
	2	from wtforms import FileField as _FileField
	3	from wtforms import ValidationError
	4
	5
	6	class FileField(_FileField):
	7	"""
	8	Subclass of wtforms.FileField providing a `file` property
	9	returning the relevant FileStorage instance in request.files.
	10	"""
	11	@property
	12	def file(self):
	13	"""
	14	Returns FileStorage class if available from request.files
	15	or None
	16	"""
	17	return request.files.get(self.name, None)
	18
	19
	20	class FileRequired(object):
	21	"""
	22	Validates that field has a FileStorage instance
	23	attached.
	24
	25	`message` : error message
	26
	27	You can also use the synonym file_required.
	28	"""
	29
	30	def __init__(self, message=None):
	31	self.message=message
	32
	33	def __call__(self, form, field):
	34	file = getattr(field, "file", None)
	35
	36	if not file:
	37	raise ValidationError, self.message
	38
	39	file_required = FileRequired
	40
	41
	42	class FileAllowed(object):
	43	"""
	44	Validates that the uploaded file is allowed by the given
	45	Flask-Uploads UploadSet.
	46
	47	`upload_set` : instance of flaskext.uploads.UploadSet
	48
	49	`message` : error message
	50
	51	You can also use the synonym file_allowed.
	52	"""
	53
	54	def __init__(self, upload_set, message=None):
	55	self.upload_set = upload_set
	56	self.message = message
	57
	58	def __call__(self, form, field):
	59	file = getattr(field, "file", None)
	60
	61	if file is not None and \
	62	not self.upload_set.file_allowed(file, file.filename):
	63	raise ValidationError, self.message
	64
	65	file_allowed = FileAllowed
	66

+111

-0

flaskext/wtf/html5.py less more

	0	from wtforms import TextField
	1	from wtforms import IntegerField as _IntegerField
	2	from wtforms import DecimalField as _DecimalField
	3	from wtforms import DateField as _DateField
	4	from wtforms.widgets import Input
	5
	6	class DateInput(Input):
	7	"""
	8	Creates `<input type=date>` widget
	9	"""
	10	input_type = "date"
	11
	12
	13	class NumberInput(Input):
	14	"""
	15	Creates `<input type=number>` widget
	16	"""
	17	input_type="number"
	18
	19
	20	class RangeInput(Input):
	21	"""
	22	Creates `<input type=range>` widget
	23	"""
	24	input_type="range"
	25
	26
	27	class URLInput(Input):
	28	"""
	29	Creates `<input type=url>` widget
	30	"""
	31	input_type = "url"
	32
	33
	34	class EmailInput(Input):
	35	"""
	36	Creates `<input type=email>` widget
	37	"""
	38
	39	input_type = "email"
	40
	41
	42	class SearchInput(Input):
	43	"""
	44	Creates `<input type=search>` widget
	45	"""
	46
	47	input_type = "search"
	48
	49
	50	class SearchField(TextField):
	51	"""
	52	TextField using SearchInput by default
	53	"""
	54	widget = SearchInput()
	55
	56
	57	class DateField(_DateField):
	58	"""
	59	DateField using DateInput by default
	60	"""
	61
	62	widget = DateInput()
	63
	64
	65	class URLField(TextField):
	66	"""
	67	TextField using URLInput by default
	68	"""
	69
	70	widget = URLInput()
	71
	72
	73	class EmailField(TextField):
	74	"""
	75	TextField using EmailInput by default
	76	"""
	77
	78	widget = EmailInput()
	79
	80
	81	class IntegerField(_IntegerField):
	82	"""
	83	IntegerField using NumberInput by default
	84	"""
	85
	86	widget = NumberInput()
	87
	88
	89	class DecimalField(_DecimalField):
	90	"""
	91	DecimalField using NumberInput by default
	92	"""
	93
	94	widget = NumberInput()
	95
	96
	97	class IntegerRangeField(_IntegerField):
	98	"""
	99	IntegerField using RangeInput by default
	100	"""
	101
	102	widget = RangeInput()
	103
	104
	105	class DecimalRangeField(_DecimalField):
	106	"""
	107	DecimalField using RangeInput by default
	108	"""
	109
	110	widget = RangeInput()

-0

flaskext/wtf/recaptcha/validators.py less more

38	38	def _validate_recaptcha(self, challenge, response, remote_addr):
39	39	"""Performs the actual validation."""
40	40
	41	if current_app.testing:
	42	return True
	43
41	44	try:
42	45	private_key = current_app.config['RECAPTCHA_PRIVATE_KEY']
43	46	except KeyError:

-1

setup.py less more

18	18
19	19	setup(
20	20	name='Flask-WTF',
21		version='0.3.3',
	21	version='0.5.2',
22	22	url='http://bitbucket.org/danjac/flask-wtf',
23	23	license='BSD',
24	24	author='Dan Jacob',

39	39	tests_require=[
40	40	'nose',
41	41	'Flask-Testing',
	42	'Flask-Uploads',
42	43	],
43	44	classifiers=[
44	45	'Development Status :: 4 - Beta',

+152

-9

tests/__init__.py less more

2	2	import re
3	3
4	4	from flask import Flask, Response, render_template, jsonify
	5	from flaskext.uploads import UploadSet, IMAGES, TEXT, configure_uploads
5	6	from flaskext.testing import TestCase as _TestCase
6	7	from flaskext.wtf import Form, TextField, FileField, HiddenField, \
7		SubmitField, Required
	8	SubmitField, Required, FieldList, file_required, file_allowed, html5
	9
	10	class DummyField(object):
	11	def __init__(self, data, name='f', label='', id='', type='TextField'):
	12	self.data = data
	13	self.name = name
	14	self.label = label
	15	self.id = id
	16	self.type = type
	17
	18	_value = lambda x: x.data
	19	__unicode__ = lambda x: x.data
	20	__call__ = lambda x, **k: x.data
	21	__iter__ = lambda x: iter(x.data)
	22	iter_choices = lambda x: iter(x.data)
	23
8	24
9	25	class TestCase(_TestCase):
10	26

17	33	class HiddenFieldsForm(Form):
18	34	name = HiddenField()
19	35	url = HiddenField()
	36	method = HiddenField()
20	37	secret = HiddenField()
21	38	submit = SubmitField("Submit")
	39
	40	def __init__(self, args, *kwargs):
	41	super(HiddenFieldsForm, self).__init__(args, *kwargs)
	42	self.method.name = '_method'
22	43
23	44	class SimpleForm(Form):
24	45	pass

46	67	assert form.csrf_enabled
47	68	assert not form.validate()
48	69	assert not form.validate()
49		return Response("OK")
	70	return "OK"
50	71
51	72	@app.route("/hidden/")
52	73	def hidden():

69	90
70	91	return app
71	92
	93	class HTML5Tests(TestCase):
	94
	95	field = DummyField("name", id="name", name="name")
	96
	97	def test_url_input(self):
	98
	99	assert html5.URLInput()(self.field) == \
	100	'<input id="name" name="name" type="url" value="name" />'
	101
	102	def test_search_input(self):
	103
	104	assert html5.SearchInput()(self.field) == \
	105	'<input id="name" name="name" type="search" value="name" />'
	106
	107	def test_date_input(self):
	108
	109	assert html5.DateInput()(self.field) == \
	110	'<input id="name" name="name" type="date" value="name" />'
	111
	112	def test_email_input(self):
	113
	114	assert html5.EmailInput()(self.field) == \
	115	'<input id="name" name="name" type="email" value="name" />'
	116
	117	def test_number_input(self):
	118
	119	assert html5.NumberInput()(self.field, min=0, max=10) == \
	120	'<input id="name" max="10" min="0" name="name" type="number" value="name" />'
	121
	122	def test_range_input(self):
	123
	124	assert html5.RangeInput()(self.field, min=0, max=10) == \
	125	'<input id="name" max="10" min="0" name="name" type="range" value="name" />'
	126
	127	# FILE UPLOAD TESTS #
	128
	129	images = UploadSet("images", IMAGES)
	130	text = UploadSet("text", TEXT)
	131
	132	class FileUploadForm(Form):
	133
	134	upload = FileField("Upload file")
	135
	136	class MultipleFileUploadForm(Form):
	137
	138	uploads = FieldList(FileField("upload"), min_entries=3)
	139
	140
	141	class ImageUploadForm(Form):
	142
	143	upload = FileField("Upload file",
	144	validators=[file_required(),
	145	file_allowed(images)])
	146
	147	class TextUploadForm(Form):
	148
	149	upload = FileField("Upload file",
	150	validators=[file_required(),
	151	file_allowed(text)])
	152
	153
	154
72	155	class TestFileUpload(TestCase):
73	156
	157
74	158	def create_app(self):
75
76		class FileUploadForm(Form):
77
78		upload = FileField("Upload file")
79	159
80	160	app = super(TestFileUpload, self).create_app()
81	161	app.config['CSRF_ENABLED'] = False
	162	app.config['UPLOADED_FILES_DEST'] = 'uploads'
	163	app.config['UPLOADS_DEFAULT_DEST'] = 'uploads'
	164	configure_uploads(app, [images, text])
	165
	166	@app.route("/upload-image/", methods=("POST",))
	167	def upload_image():
	168	form = ImageUploadForm()
	169	if form.validate_on_submit():
	170	return "OK"
	171	return "invalid"
	172
	173	@app.route("/upload-text/", methods=("POST",))
	174	def upload_text():
	175	form = TextUploadForm()
	176	if form.validate_on_submit():
	177	return "OK"
	178	return "invalid"
	179
	180
	181	@app.route("/upload-multiple/", methods=("POST",))
	182	def upload_multiple():
	183	form = MultipleFileUploadForm()
	184	if form.validate_on_submit():
	185	assert len(form.uploads.entries) == 3
	186	for upload in form.uploads.entries:
	187	assert upload.file is not None
	188
	189	return "OK"
	190
	191	@app.route("/upload-multiple-field/", methods=("POST",))
	192	def upload_multiple_field():
	193	form = MultipleFileFieldUploadForm()
	194	if form.validate_on_submit():
	195	assert len(form.uploads.files) == 3
	196	for upload in form.uploads.files:
	197	assert "flask.png" in upload.filename
	198
	199	return "OK"
82	200
83	201	@app.route("/upload/", methods=("POST",))
84	202	def upload():

97	215
98	216	return app
99	217
	218	def test_multiple_files(self):
	219
	220	fps = [self.app.open_resource("flask.png") for i in xrange(3)]
	221	data = [("uploads-%d" % i, fp) for i, fp in enumerate(fps)]
	222	response = self.client.post("/upload-multiple/", data=dict(data))
	223	assert response.status_code == 200
	224
100	225	def test_valid_file(self):
101	226
102	227	with self.app.open_resource("flask.png") as fp:
103		response = self.client.post("/upload/",
	228	response = self.client.post("/upload-image/",
104	229	data={'upload' : fp})
105	230
106		assert "flask.png</h3>" in response.data
	231	assert "OK" in response.data
	232
	233	def test_missing_file(self):
	234
	235	response = self.client.post("/upload-image/",
	236	data={'upload' : "test"})
	237
	238	assert "invalid" in response.data
	239
	240	def test_invalid_file(self):
	241
	242	with self.app.open_resource("flask.png") as fp:
	243	response = self.client.post("/upload-text/",
	244	data={'upload' : fp})
	245
	246	assert "invalid" in response.data
	247
107	248
108	249	def test_invalid_file(self):
109	250

142	283	def test_hidden_tag(self):
143	284
144	285	response = self.client.get("/hidden/")
145		assert response.data.count('type="hidden"') == 4
	286	assert response.data.count('type="hidden"') == 5
	287	assert 'name="_method"' in response.data
	288
146	289
147	290	class TestCSRF(TestCase):
148	291

-203

~~tests/__init__.py.orig~~ less more

0		from __future__ import with_statement
1
2		import re
3
4		from flask import Flask, render_template, jsonify, request
5		from flaskext.testing import TestCase as _TestCase
6		from flaskext.wtf import Form, TextField, FileField, HiddenField, \
7		SubmitField, Required
8
9		class TestCase(_TestCase):
10
11		def create_app(self):
12
13		class MyForm(Form):
14		name = TextField("Name", validators=[Required()])
15		submit = SubmitField("Submit")
16
17		class HiddenFieldsForm(Form):
18		name = HiddenField()
19		url = HiddenField()
20		secret = HiddenField()
21		submit = SubmitField("Submit")
22
23		app = Flask(__name__)
24		app.secret_key = "secret"
25
26		@app.route("/", methods=("GET", "POST"))
27		def index():
28
29		form = MyForm()
30		if form.validate_on_submit():
31		name = form.name.data.upper()
32		else:
33		name = ''
34
35		return render_template("index.html",
36		form=form,
37		name=name)
38
39
40		@app.route("/validate_twice/", methods=("GET", "POST"))
41		def validate_twice():
42
43		form = MyForm()
44		if request.method == "GET":
45		assert not form.validate()
46		assert not form.validate()
47		else:
48		assert form.validate()
49		assert not form.validate()
50
51		return render_template("index.html",
52		form=form)
53
54		@app.route("/hidden/")
55		def hidden():
56
57		form = HiddenFieldsForm()
58		return render_template("hidden.html", form=form)
59
60		@app.route("/ajax/", methods=("POST",))
61		def ajax_submit():
62		form = MyForm()
63		if form.validate_on_submit():
64		return jsonify(name=form.name.data,
65		success=True,
66		errors=None)
67
68		return jsonify(name=None,
69		errors=form.errors,
70		success=False)
71
72
73		return app
74
75		class TestFileUpload(TestCase):
76
77		def create_app(self):
78
79		class FileUploadForm(Form):
80
81		upload = FileField("Upload file")
82
83		app = super(TestFileUpload, self).create_app()
84		app.config['CSRF_ENABLED'] = False
85
86		@app.route("/upload/", methods=("POST",))
87		def upload():
88		form = FileUploadForm()
89		if form.validate_on_submit():
90
91		filedata = form.upload.file
92
93		else:
94
95		filedata = None
96
97		return render_template("upload.html",
98		filedata=filedata,
99		form=form)
100
101		return app
102
103		def test_valid_file(self):
104
105		with self.app.open_resource("flask.png") as fp:
106		response = self.client.post("/upload/",
107		data={'upload' : fp})
108
109		assert "flask.png</h3>" in response.data
110
111		def test_invalid_file(self):
112
113		response = self.client.post("/upload/",
114		data={'upload' : 'flask.png'})
115
116		assert "flask.png</h3>" not in response.data
117
118
119		class TestValidateOnSubmit(TestCase):
120
121		def test_not_submitted(self):
122
123		response = self.client.get("/")
124		assert 'DANNY' not in response.data
125
126		def test_submitted_not_valid(self):
127
128		self.app.config['CSRF_ENABLED'] = False
129
130		response = self.client.post("/", data={})
131
132		assert 'DANNY' not in response.data
133
134		def test_submitted_and_valid(self):
135
136		self.app.config['CSRF_ENABLED'] = False
137
138		response = self.client.post("/", data={"name" : "danny"})
139		print response.data
140
141		assert 'DANNY' in response.data
142
143
144		class TestHiddenTag(TestCase):
145
146		def test_hidden_tag(self):
147
148		response = self.client.get("/hidden/")
149		assert response.data.count('type="hidden"') == 4
150
151		class TestCSRF(TestCase):
152
153		def test_csrf_token(self):
154
155		response = self.client.get("/")
156		assert '<div style="display:none;"><input id="csrf" name="csrf" type="hidden" value' in response.data
157
158		def test_invalid_csrf(self):
159
160		response = self.client.post("/", data={"name" : "danny"})
161		assert 'DANNY' not in response.data
162		assert "Missing or invalid CSRF token" in response.data
163
164		def test_check_csrf_twice(self):
165
166		self.app.config['CSRF_ENABLED'] = False
167
168		response = self.client.get("/validate_twice/")
169		self.assert_200(response)
170
171		response = self.client.post("/validate_twice/", data={"name":"test"})
172		self.assert_200(response)
173
174		def test_csrf_disabled(self):
175
176		self.app.config['CSRF_ENABLED'] = False
177
178		response = self.client.post("/", data={"name" : "danny"})
179		assert 'DANNY' in response.data
180
181		def test_ajax(self):
182
183		response = self.client.post("/ajax/",
184		data={"name" : "danny"},
185		headers={'X-Requested-With' : 'XMLHttpRequest'})
186
187		assert response.status_code == 200
188
189		def test_valid_csrf(self):
190
191		response = self.client.get("/")
192		pattern = re.compile(r'name="csrf" type="hidden" value="([0-9a-zA-Z-]*)"')
193		match = pattern.search(response.data)
194		assert match
195
196		csrf_token = match.groups()[0]
197
198		response = self.client.post("/", data={"name" : "danny",
199		"csrf" : csrf_token})
200
201		assert "DANNY" in response.data
202