cia*_*ode 6 python flask wtforms flask-wtforms
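I have just started coding with Flask and I want to set up CSRF on a small form in my application. I am following http://wtforms.readthedocs.org/en/2.0.2/csrf.html for a session-based implementation. I looked around the web for a while to find a solution to a similar problem but had no success; apologies if this is a duplicate question.
The problem with this code:
When I run it in the virtual environment I get the following stack trace: AttributeError: 'Request' object has no attribute 'POST'
Goal: implement CSRF on a WTForms instance
Environment: wtf version 2.02, Flask 0.10, venv with Python 2.7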
from flask import session, request
from flask.ext.wtf import Form
from wtforms import TextField, validators, SubmitField
from wtforms.validators import Required, Length
from wtforms.csrf.session import SessionCSRF
from datetime import timedelta
import config # my config file

# create super class
class MyForm(Form):
    class Meta:
        csrf = True
        csrf_class = SessionCSRF
        csrf_secret = config.secret_key
        csrf_time_limit = timedelta(minutes=20)

        @property
        def csrf_context(self):
            return request.session

# create a class for the form
class postcodeInput(MyForm):
    postcode = TextField('postcode',[validators.Required(message=(u"Where is your postcode?")),validators.Length(min=2, max=10)])
    submit = SubmitField('Submit')
fci_form.py
from flask import Flask, render_template, request, __version__, url_for, session, abort, flash, redirect
# importing the class called postcode_input
from fci_form import postcodeInput
import config
import fciUtils

#pdb.set_trace()
app = Flask(__name__)
app.debug = True

# Views of the app
@app.route('/')
def index():
    return render_template('home.html')

@app.route('/fci', methods=['GET', 'POST'])
def fci_form():
    error = None
    form = postcodeInput(request.POST, meta={'csrf_context': request.session})
    if form.validate_on_submit():
        # handle user input
        postcode = request.form['postcode']
        # calculate fci
        result = fciUtils.fciReturn(postcode)
        return render_template('fci_form.html',form = form, result = result)
    elif request.method == 'GET':
        return render_template('fci_form.html', form = form)
    else:
        error = 'Enter a valid postcode'
        return render_template('fci_form.html', form=form, error=error)

if __name__ == '__main__':
    app.secret_key = config.secret_key
    app.run(threaded=True)
views.py
{% extends 'layout.html' %}
{% block form %}
<section>
    <header><h1>...</h1><br></header>
    <form action="{{ url_for('fci_form')}}" method='POST'>
        <p>Enter your London postcode:</p>
        <section>
            {% if error %}
            <p class="error"><strong>Error: </strong>{{error}}</p>
            {% endif %}
            {{form.csrf_token}}
            {{form.postcode}}
            {{form.submit(class_="pure-button")}}
        </section>
    </form>
</section>
{% endblock %}
{% block result %}
<section>
    <h4>{{result}}</h4>
</section>
{% endblock %}
The template is fci_form.html in the /templates folder
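What am I missing here?
From the WTForms project's GitHub README:
"WTForms is a flexible forms validation and rendering library for Python web development. It is framework agnostic and can work with whatever web framework and template engine you choose."
...emphasis mine. Framework agnostic means this is not just a library for Flask, and examples such as this one (from https://wtforms.readthedocs.io/en/stable/csrf.html#using-csrf):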
def view():
    form = UserForm(request.POST)
    if request.POST and form.validate():
        pass # Form is valid and CSRF succeeded
    return render('user.html', form=form)
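...are not necessarily a working pattern in any given web framework, but just a general illustration of how the library works.
That example translated into a Flask-specific one might look like this: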
@app.route('/submit', methods=("GET", "POST"))
def submit():
    form = UserForm(request.form)
    if request.method == "POST" and form.validate():
        pass # Form is valid and CSRF succeeded
    return render_template('submit.html', form=form)
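The README goes on to say:
"There are various community libraries that provide closer integration with popular frameworks."
Flask-WTF is one such example, and their "hello world" for the library around WTForms looks like this: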
@app.route('/submit', methods=('GET', 'POST'))
def submit():
    form = MyForm()
    if form.validate_on_submit():
        return redirect('/success')
    return render_template('submit.html', form=form)
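Note that it is not necessary to pass request.form to the MyForm constructor as in the plain WTForms example (UserForm(request.form)), and that there is a validate_on_submit() method available on the form, which tests both that the request is a POST request and that the submitted form content passes validation.
As well as easier handling of passing POST data to the form and validation, Flask-WTF also simplifies CSRF token management, which can be read about here.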