I've created a small Flask extension for using WTForms: http://bitbucket.org/danjac/flask-wtf This is for those who want to use WTForms in their application. Inspired by Armin's recent work on fungiform, it includes CSRF validation and some Flask-specific convenience methods. This is a work in progress, so the usual caveats apply: lacks unit tests, documentation needs work, untested in production etc. If feedback is positive I'll add it to PyPi.
On Tue, Jun 22, 2010 at 9:00 AM, Dan Jacob wrote: > I've created a small Flask extension for using WTForms: > > http://bitbucket.org/danjac/flask-wtf Hey Dan, I started an integration of wtforms and tipfy that includes the recaptcha implementation from solace. It also can recognize and populate input type="file" (when request is passed to constructor instead of request.form). I was planning to include CSRF protection but I'll probably borrow it from you ;). Please see if you can borrow recaptcha/file field from it and we'll be even! Flask and tipfy are similar enough to make porting easy. Here it is: http://pypi.python.org/pypi/tipfy.ext.wtforms/ -- rodrigo
Hi,
I might consider adding Recaptcha at some point as a custom WTForms
field.Not sure at the moment what would be the best way to go about
it. Something like:
from flaskext.wtf import Form, RecaptchaField
class MyForm(Form):
recaptcha = RecaptchaField()
Config stuff like recaptcha private key would come from Flask, and
there should be some way to customize rendering.
On 22 June 2010 13:45, Rodrigo Moraes <rodrigo.moraes@gmail.com> wrote:
> On Tue, Jun 22, 2010 at 9:00 AM, Dan Jacob wrote:
>> I've created a small Flask extension for using WTForms:
>>
>> http://bitbucket.org/danjac/flask-wtf
>
> Hey Dan,
> I started an integration of wtforms and tipfy that includes the
> recaptcha implementation from solace.
> It also can recognize and populate input type="file" (when request is
> passed to constructor instead of request.form).
>
> I was planning to include CSRF protection but I'll probably borrow it
> from you ;). Please see if you can borrow recaptcha/file field from it
> and we'll be even! Flask and tipfy are similar enough to make porting
> easy.
>
> Here it is:
>
> http://pypi.python.org/pypi/tipfy.ext.wtforms/
>
> -- rodrigo
>
On Tue, Jun 22, 2010 at 9:56 AM, Dan Jacob wrote: > from flaskext.wtf import Form, RecaptchaField > > class MyForm(Form): > > recaptcha = RecaptchaField() That's how it is done there. There's a RecaptchaField, a RecaptchaWidget and a Recaptcha validator (automatically added to field). > Config stuff like recaptcha private key would come from Flask, and > there should be some way to customize rendering. Configuration keys accepted are: * recaptcha_options (to customize the widget, following http://recaptcha.net/apidocs/captcha/client.html) * recaptcha_use_ssl * recaptcha_public_key * recaptcha_private_key You can make all Flask-configurable. It pretty much nails customization, and you can even override the rendering widget. -- rodrigo
Thanks Rodrigo. I'll probably add recaptcha functionality once the flask-wtf code is stable. As an aside, you can now just import the SQLAlchemy extension fields, if you have SQLA installed: from flaskext.wtf import ModelSelectField I really need to get some tests and docs written though before I can put out a release. On 22 June 2010 14:08, Rodrigo Moraes <rodrigo.moraes@gmail.com> wrote: > On Tue, Jun 22, 2010 at 9:56 AM, Dan Jacob wrote: >> from flaskext.wtf import Form, RecaptchaField >> >> class MyForm(Form): >> >> recaptcha = RecaptchaField() > > That's how it is done there. There's a RecaptchaField, a > RecaptchaWidget and a Recaptcha validator (automatically added to > field). > >> Config stuff like recaptcha private key would come from Flask, and >> there should be some way to customize rendering. > > Configuration keys accepted are: > * recaptcha_options (to customize the widget, following > http://recaptcha.net/apidocs/captcha/client.html) > * recaptcha_use_ssl > * recaptcha_public_key > * recaptcha_private_key > > You can make all Flask-configurable. It pretty much nails > customization, and you can even override the rendering widget. > > -- rodrigo >
Great work
Hi, Slightly related: <form> <input name=foo type=submit> </form> is invalid HTML, but this is valid: <form> <p><input name=foo type=submit> </form> So wrap it in dl/div/p/ul/ol or something like that. Regards, Armin
Is this relating to the example template ? I'm sure it's completely invalid, it will be tidied up a bit later. Just wanted to throw something up for a quick test. Another example is that the hidden CSRF input will need to be wrapped in a hidden DIV, this should probably be a Jinja2 macro/global though. On 22 June 2010 13:09, Armin Ronacher <armin.ronacher@active-4.com> wrote: > Hi, > > Slightly related: > > <form> > <input name=foo type=submit> > </form> > > is invalid HTML, but this is valid: > > <form> > <p><input name=foo type=submit> > </form> > > So wrap it in dl/div/p/ul/ol or something like that. > > > Regards, > Armin >
Hi, On 6/22/10 2:00 PM, Dan Jacob wrote: > I've created a small Flask extension for using WTForms: > > http://bitbucket.org/danjac/flask-wtf And I was totally expecting for WhatTheFlask :D Regars, Armin
Sorry, couldn't resist the name :-) On 22 June 2010 13:02, Armin Ronacher <armin.ronacher@active-4.com> wrote: > Hi, > > On 6/22/10 2:00 PM, Dan Jacob wrote: >> I've created a small Flask extension for using WTForms: >> >> http://bitbucket.org/danjac/flask-wtf > And I was totally expecting for WhatTheFlask :D > > > Regars, > Armin >