class Form(with_metaclass(FormMeta, WTForm)):
class Meta(object):
locales = ('zh_CN', 'zh')
def is_submitted(self):
return request and request.method in ('PUT', 'POST')
def validate_on_submit(self):
return self.is_submitted() and self.validate()
class F(with_metaclass(FMeta, Form)):
pass
class Form(with_metaclass(FormMeta, _Form), FormMixin):
TIME_FORMAT = '%Y%m%d%H%M%S'
TIME_LIMIT = timedelta(minutes=30)
csrf_token = CSRFTokenField()
def __init__(self, formdata=_Auto, obj=None, prefix='', **kwargs):
if formdata is _Auto:
if self.is_submitted():
formdata = request.form
if request.files:
formdata = formdata.copy()
formdata.update(request.files)
elif request.json:
formdata = werkzeug.datastructures.MultiDict(request.json)
else:
formdata = None
super(Form, self).__init__(formdata, obj, prefix, **kwargs)
self.csrf_token.current_token = self.generate_csrf_token()
def generate_csrf_token(self):
secret_key = current_app.config.get('SECRET_KEY')
if secret_key is None:
raise Exception('must set SECRET_KEY in config for it to work')
time_limit = current_app.config.get('SECRET_TIME_LIMIT',
self.TIME_LIMIT)
if 'csrf' not in session:
session['csrf'] = sha1(os.urandom(64)).hexdigest()
self.csrf_token.csrf_key = session['csrf']
if time_limit:
expires = (datetime.now() + time_limit).strftime(self.TIME_FORMAT)
csrf_build = '%s%s' % (session['csrf'], expires)
else:
expires = ''
csrf_build = session['csrf']
hmac_csrf = hmac.new(secret_key,
csrf_build.encode('utf8'),
digestmod=sha1)
return '%s##%s' % (expires, hmac_csrf.hexdigest())
def validate_csrf_token(self, field):
if not field.data or '##' not in field.data:
raise ValidationError('CSRF token missing')
secret_key = current_app.config.get('SECRET_KEY')
expires, hmac_csrf = field.data.split('##')
check_val = (field.csrf_key + expires).encode('utf8')
hmac_compare = hmac.new(secret_key, check_val, digestmod=sha1)
if hmac_compare.hexdigest() != hmac_csrf:
raise ValidationError('CSRF failed')
time_limit = current_app.config.get('SECRET_TIME_LIMIT',
self.TIME_LIMIT)
if time_limit:
now_formatted = datetime.now().strftime(self.TIME_FORMAT)
if now_formatted > expires:
raise ValidationError('CSRF token expired')
@property
def data(self):
d = super(Form, self).data
d.pop('csrf_token')
return d
def populate_obj(self, obj):
for name, field in self._fields.iteritems():
if field.type != 'Label':
field.populate_obj(obj, name)
class BaseForm(with_metaclass(FormMeta, _Form), FormMixin):
pass
class Form(with_metaclass(FormMeta, BaseForm)):
"""
Declarative Form base class. Extends BaseForm's core behaviour allowing
fields to be defined on Form subclasses as class attributes.
In addition, form and instance input data are taken at construction time
and passed to `process()`.
"""
Meta = DefaultMeta
def __init__(self,
formdata=None,
obj=None,
prefix='',
data=None,
meta=None,
**kwargs):
"""
:param formdata:
Used to pass data coming from the enduser, usually `request.POST` or
equivalent. formdata should be some sort of request-data wrapper which
can get multiple parameters from the form input, and values are unicode
strings, e.g. a Werkzeug/Django/WebOb MultiDict
:param obj:
If `formdata` is empty or not provided, this object is checked for
attributes matching form field names, which will be used for field
values.
:param prefix:
If provided, all fields will have their name prefixed with the
value.
:param data:
Accept a dictionary of data. This is only used if `formdata` and
`obj` are not present.
:param meta:
If provided, this is a dictionary of values to override attributes
on this form's meta instance.
:param `**kwargs`:
If `formdata` is empty or not provided and `obj` does not contain
an attribute named the same as a field, form will assign the value
of a matching keyword argument to the field, if one exists.
"""
meta_obj = self._wtforms_meta()
if meta is not None and isinstance(meta, dict):
meta_obj.update_values(meta)
super(Form, self).__init__(self._unbound_fields,
meta=meta_obj,
prefix=prefix)
for name, field in iteritems(self._fields):
# Set all the fields to attributes so that they obscure the class
# attributes with the same names.
setattr(self, name, field)
self.process(formdata, obj, data=data, **kwargs)
def __setitem__(self, name, value):
raise TypeError(
'Fields may not be added to Form instances, only classes.')
def __delitem__(self, name):
del self._fields[name]
setattr(self, name, None)
def __delattr__(self, name):
if name in self._fields:
self.__delitem__(name)
else:
# This is done for idempotency, if we have a name which is a field,
# we want to mask it by setting the value to None.
unbound_field = getattr(self.__class__, name, None)
if unbound_field is not None and hasattr(unbound_field,
'_formfield'):
setattr(self, name, None)
else:
super(Form, self).__delattr__(name)
def validate(self):
"""
Validates the form by calling `validate` on each field, passing any
extra `Form.validate_<fieldname>` validators to the field validator.
"""
extra = {}
for name in self._fields:
inline = getattr(self.__class__, 'validate_%s' % name, None)
if inline is not None:
extra[name] = [inline]
return super(Form, self).validate(extra)
class Form(with_metaclass(FormMeta, BaseForm)):
"""
Declarative Form base class. Extends BaseForm's core behaviour allowing
fields to be defined on Form subclasses as class attributes.
In addition, form and instance input data are taken at construction time
and passed to `process()`.
"""
def __init__(self, formdata=None, obj=None, prefix='', **kwargs):
"""
:param formdata:
Used to pass data coming from the enduser, usually `request.POST` or
equivalent.
:param obj:
If `formdata` is empty or not provided, this object is checked for
attributes matching form field names, which will be used for field
values.
:param prefix:
If provided, all fields will have their name prefixed with the
value.
:param `**kwargs`:
If `formdata` is empty or not provided and `obj` does not contain
an attribute named the same as a field, form will assign the value
of a matching keyword argument to the field, if one exists.
"""
super(Form, self).__init__(self._unbound_fields, prefix=prefix)
for name, field in iteritems(self._fields):
# Set all the fields to attributes so that they obscure the class
# attributes with the same names.
setattr(self, name, field)
self.process(formdata, obj, **kwargs)
def __iter__(self):
""" Iterate form fields in their order of definition on the form. """
for name, _ in self._unbound_fields:
if name in self._fields:
yield self._fields[name]
def __setitem__(self, name, value):
raise TypeError(
'Fields may not be added to Form instances, only classes.')
def __delitem__(self, name):
del self._fields[name]
setattr(self, name, None)
def __delattr__(self, name):
try:
self.__delitem__(name)
except KeyError:
super(Form, self).__delattr__(name)
def validate(self):
"""
Validates the form by calling `validate` on each field, passing any
extra `Form.validate_<fieldname>` validators to the field validator.
"""
extra = {}
for name in self._fields:
inline = getattr(self.__class__, 'validate_%s' % name, None)
if inline is not None:
extra[name] = [inline]
return super(Form, self).validate(extra)
class Form(with_metaclass(FormMeta, WTForm)):
class Meta(object):
locales = ('zh_CN', 'zh')
class Form(with_metaclass(FormMeta, BaseForm)):
_DATA_TYPES = {'boolean': BooleanField, 'password': PasswordField}
_RULES_MAP = {
'email': validators.Email,
'required': validators.InputRequired,
'len': validators.Length
}
def __init__(self, formdata=None):
self.boot()
self._setup_unbound_fields()
super(Form, self).__init__(self._unbound_fields)
self.process(MultiDict(formdata))
def boot(self):
pass
def rules(self):
return []
def _setup_unbound_fields(self):
for field_name, field_rules in self.rules().items():
field_type, validators = self._parse_rules(field_name, field_rules)
field = (field_name,
UnboundField(field_type, field_name, validators))
self._unbound_fields.append(field)
def _parse_rules(self, field_name, rules):
field_type = None
validators = []
for rule in rules:
rule_name = rule
rule_params = {}
if isinstance(rule, tuple):
rule_name, rule_params = rule
if rule_name in self._DATA_TYPES:
# Parse data type
if not field_type:
field_type = self._DATA_TYPES[rule_name]
else:
raise RuleException(
'Multiple data types defined for field: "{}"'.format(
field_name))
else:
# Parse validator
validator = self._RULES_MAP.get(rule_name, None)
if not validator:
raise RuleException(
'Undefined rule: "{}"'.format(rule_name))
if isinstance(validator, types.FunctionType):
validators.append(validator)
else:
validators.append(validator(**rule_params))
field_type = StringField if not field_type else field_type
return (field_type, validators)
def register(self, rule_name, rule_function):
self._RULES_MAP[rule_name] = rule_function
