librelist archives

Re: [flask] Flask-WTF extension

From:

Brice Leroy

Date:

2012-02-03 @ 23:17

Looks really good, not sure a pull request is worth it... you look like a
good candidate to become the main repository :)

2012/2/1 Zach Williams <hey@zachwill.com>

> Awesome work, Simon.
>
> Zach
>
>
> On Wed, Feb 1, 2012 at 7:02 AM, Ishbir Singh <webmaster@ishbir.com> wrote:
>
>> Hey,
>>
>> I think what you're doing is great work. Keep it up! I myself have had to
>> use flask-wtf from time to time.
>>
>>
>> On 1 February 2012 04:00, Simon Zimmermann <simonz05@gmail.com> wrote:
>>
>>> Hi,
>>>
>>> I've forked and update the Flask-WTF extension. Anyone interested
>>> is free to review, and if bothered, give me some feedback.
>>>
>>> I think the extension has been left inactive by Dan Jacob for a
>>> ~year now and I wanted to use it for a project. So I took the
>>> freedom to do some cleaning.
>>>
>>> Package is at https://github.com/simonz05/flask-wtf
>>>
>>> # Brief description of changes
>>>
>>>    - In general the extension tries to do less, and we don't try
>>>      to import everything wtforms has to offer. The extension
>>>      code was reduced to just 214 lines, from 294 lines.
>>>
>>>    - The main functionality is a Form class which is a subclass
>>>      of wtforms.ext.csrf.SecureSessionForm.
>>>
>>>    - Depends on wtforms-0.6.4dev.
>>>
>>>    - The extension follows the new flask ext package structure
>>>      guidelines.
>>>
>>>    - Updated about 50% of the tests to make them more isolated
>>>      and correct.
>>>
>>>    - Documentation was updated to reflect the changes to the
>>>      library.
>>>
>>> # TODO
>>>
>>>    - Update examples.
>>>
>>>    - Typos in documentation
>>>
>>>    - Fix HTML5 tests/package.
>>>
>>> Furthermore, some of the things provided by this extension
>>> should really be pushed to wtforms or just left out completly.
>>> Recaptcha doesn't do anything flask-specific so it could be
>>> provided by wtforms. HTML5 widgets fit into that category as
>>> well.
>>>
>>
>>
>>
>> --
>> Regards,
>> Ishbir Singh
>>
>>
>


-- 
blog: http://www.debrice.com
Time tracking tool: http://alpha.kaaloo.com
Django site generator: http://alpha.djangogenerator.com
linkedin: http://www.linkedin.com/in/bricepleroy

On 4 February 2012 00:17, Brice Leroy <bbrriiccee@gmail.com> wrote:
> Looks really good, not sure a pull request is worth it... you look like a
> good candidate to become the main repository :)

Still want to poke around with it some more before I make a request to
change the official extension. Haven't really tested the CSRF thing
enough to call it stable, or if it works at all.

In regards to Flask-Script and other of Dan Jacobs extensions. I think
he made a request for maintainers about ~1 year ago. Can't find the
mailing list post right now, but If I remember correctly he stated he
was going University and didn't have time to maintain the
repositories. As of such, if you use one of his repositories and feel
like keeping it up to date, its a simple matter of sending an email.

On Sat, Feb 4, 2012 at 4:10 AM, Simon Zimmermann <simonz05@gmail.com> wrote:
> On 4 February 2012 00:17, Brice Leroy <bbrriiccee@gmail.com> wrote:
>> Looks really good, not sure a pull request is worth it... you look like a
>> good candidate to become the main repository :)
>
> Still want to poke around with it some more before I make a request to
> change the official extension. Haven't really tested the CSRF thing
> enough to call it stable, or if it works at all.

I have some patches to the Flask-WTF csrf code I'm using.  You might
also consider dropping in Flask-SeaSurf (Max Countryman).


> In regards to Flask-Script and other of Dan Jacobs extensions. I think
> he made a request for maintainers about ~1 year ago. Can't find the
> mailing list post right now, but If I remember correctly he stated he
> was going University and didn't have time to maintain the
> repositories. As of such, if you use one of his repositories and feel
> like keeping it up to date, its a simple matter of sending an email.

I'm pretty sure you're thinking of Matthew Frazier, who transferred 5
extensions between Max Countryman and me (thanks!).  I just emailed
Dan Jacob.  My earlier message was to see if anyone knew anything I
didn't -- admittedly I wrote it quickly and the message was vague. :-)

-Ron

Héllo,

I'm a bit lost in the discussion what is now the preferred way to protect
forms against CSRF attacks, Max's Flask-WTF or Flask-SeaSurf ?

Regards,

Hi,

On Sat, Feb 4, 2012 at 9:52 AM, Amirouche Boubekki
<amirouche.boubekki@gmail.com> wrote:
> I'm a bit lost in the discussion what is now the preferred way to protect
> forms against CSRF attacks, Max's Flask-WTF or Flask-SeaSurf ?

Flask-WTF provides it's own CSRF protection implementation.
http://packages.python.org/Flask-WTF/

Flask-SeaSurf provides a stand-alone implementation.
http://packages.python.org/Flask-SeaSurf/

Both implementations are readable.  Personally, I'd use a standalone
version if not using WTForms.

-Ron

2012/2/4 Ron DuPlain <ron.duplain@gmail.com>

> Hi,
>
> On Sat, Feb 4, 2012 at 9:52 AM, Amirouche Boubekki
> <amirouche.boubekki@gmail.com> wrote:
> > I'm a bit lost in the discussion what is now the preferred way to protect
> > forms against CSRF attacks, Max's Flask-WTF or Flask-SeaSurf ?
>
> Flask-WTF provides it's own CSRF protection implementation.
> http://packages.python.org/Flask-WTF/
>
> Flask-SeaSurf provides a stand-alone implementation.
> http://packages.python.org/Flask-SeaSurf/
>
> Both implementations are readable.  Personally, I'd use a standalone
> version if not using WTForms.


Thanks,

Amirouche



>  -Ron
>

I'm sure we could find a maintainer for Flask-Script while we're at it.  :-)
Anyone in touch with Dan Jacob to get PyPI transferred (or have another method)?

Ron


On Fri, Feb 3, 2012 at 6:17 PM, Brice Leroy <bbrriiccee@gmail.com> wrote:
> Looks really good, not sure a pull request is worth it... you look like a
> good candidate to become the main repository :)
>
>
> 2012/2/1 Zach Williams <hey@zachwill.com>
>>
>> Awesome work, Simon.
>>
>> Zach
>>
>>
>> On Wed, Feb 1, 2012 at 7:02 AM, Ishbir Singh <webmaster@ishbir.com> wrote:
>>>
>>> Hey,
>>>
>>> I think what you're doing is great work. Keep it up! I myself have had to
>>> use flask-wtf from time to time.
>>>
>>>
>>> On 1 February 2012 04:00, Simon Zimmermann <simonz05@gmail.com> wrote:
>>>>
>>>> Hi,
>>>>
>>>> I've forked and update the Flask-WTF extension. Anyone interested
>>>> is free to review, and if bothered, give me some feedback.
>>>>
>>>> I think the extension has been left inactive by Dan Jacob for a
>>>> ~year now and I wanted to use it for a project. So I took the
>>>> freedom to do some cleaning.
>>>>
>>>> Package is at https://github.com/simonz05/flask-wtf
>>>>
>>>> # Brief description of changes
>>>>
>>>>    - In general the extension tries to do less, and we don't try
>>>>      to import everything wtforms has to offer. The extension
>>>>      code was reduced to just 214 lines, from 294 lines.
>>>>
>>>>    - The main functionality is a Form class which is a subclass
>>>>      of wtforms.ext.csrf.SecureSessionForm.
>>>>
>>>>    - Depends on wtforms-0.6.4dev.
>>>>
>>>>    - The extension follows the new flask ext package structure
>>>>      guidelines.
>>>>
>>>>    - Updated about 50% of the tests to make them more isolated
>>>>      and correct.
>>>>
>>>>    - Documentation was updated to reflect the changes to the
>>>>      library.
>>>>
>>>> # TODO
>>>>
>>>>    - Update examples.
>>>>
>>>>    - Typos in documentation
>>>>
>>>>    - Fix HTML5 tests/package.
>>>>
>>>> Furthermore, some of the things provided by this extension
>>>> should really be pushed to wtforms or just left out completly.
>>>> Recaptcha doesn't do anything flask-specific so it could be
>>>> provided by wtforms. HTML5 widgets fit into that category as
>>>> well.
>>>
>>>
>>>
>>>
>>> --
>>> Regards,
>>> Ishbir Singh
>>>
>>
>
>
>
> --
> blog: http://www.debrice.com
> Time tracking tool: http://alpha.kaaloo.com
> Django site generator: http://alpha.djangogenerator.com
> linkedin: http://www.linkedin.com/in/bricepleroy
>

What about writing a email to him? I have written to him for Flask-Script.

2012/2/4 Ron DuPlain <ron.duplain@gmail.com>

> I'm sure we could find a maintainer for Flask-Script while we're at it.
>  :-)
> Anyone in touch with Dan Jacob to get PyPI transferred (or have another
> method)?
>
> Ron
>
>
> On Fri, Feb 3, 2012 at 6:17 PM, Brice Leroy <bbrriiccee@gmail.com> wrote:
> > Looks really good, not sure a pull request is worth it... you look like a
> > good candidate to become the main repository :)
> >
> >
> > 2012/2/1 Zach Williams <hey@zachwill.com>
> >>
> >> Awesome work, Simon.
> >>
> >> Zach
> >>
> >>
> >> On Wed, Feb 1, 2012 at 7:02 AM, Ishbir Singh <webmaster@ishbir.com>
> wrote:
> >>>
> >>> Hey,
> >>>
> >>> I think what you're doing is great work. Keep it up! I myself have had
> to
> >>> use flask-wtf from time to time.
> >>>
> >>>
> >>> On 1 February 2012 04:00, Simon Zimmermann <simonz05@gmail.com> wrote:
> >>>>
> >>>> Hi,
> >>>>
> >>>> I've forked and update the Flask-WTF extension. Anyone interested
> >>>> is free to review, and if bothered, give me some feedback.
> >>>>
> >>>> I think the extension has been left inactive by Dan Jacob for a
> >>>> ~year now and I wanted to use it for a project. So I took the
> >>>> freedom to do some cleaning.
> >>>>
> >>>> Package is at https://github.com/simonz05/flask-wtf
> >>>>
> >>>> # Brief description of changes
> >>>>
> >>>>    - In general the extension tries to do less, and we don't try
> >>>>      to import everything wtforms has to offer. The extension
> >>>>      code was reduced to just 214 lines, from 294 lines.
> >>>>
> >>>>    - The main functionality is a Form class which is a subclass
> >>>>      of wtforms.ext.csrf.SecureSessionForm.
> >>>>
> >>>>    - Depends on wtforms-0.6.4dev.
> >>>>
> >>>>    - The extension follows the new flask ext package structure
> >>>>      guidelines.
> >>>>
> >>>>    - Updated about 50% of the tests to make them more isolated
> >>>>      and correct.
> >>>>
> >>>>    - Documentation was updated to reflect the changes to the
> >>>>      library.
> >>>>
> >>>> # TODO
> >>>>
> >>>>    - Update examples.
> >>>>
> >>>>    - Typos in documentation
> >>>>
> >>>>    - Fix HTML5 tests/package.
> >>>>
> >>>> Furthermore, some of the things provided by this extension
> >>>> should really be pushed to wtforms or just left out completly.
> >>>> Recaptcha doesn't do anything flask-specific so it could be
> >>>> provided by wtforms. HTML5 widgets fit into that category as
> >>>> well.
> >>>
> >>>
> >>>
> >>>
> >>> --
> >>> Regards,
> >>> Ishbir Singh
> >>>
> >>
> >
> >
> >
> > --
> > blog: http://www.debrice.com
> > Time tracking tool: http://alpha.kaaloo.com
> > Django site generator: http://alpha.djangogenerator.com
> > linkedin: http://www.linkedin.com/in/bricepleroy
> >
>

I mean I have written to him for Flask-Script last year, not this time, and
he replied. Sorry for my poor English.

So, I think someone can write a email this time.

2012/2/4 heww0205 <heww0205@gmail.com>

> What about writing a email to him? I have written to him for Flask-Script.
>
>
> 2012/2/4 Ron DuPlain <ron.duplain@gmail.com>
>
>> I'm sure we could find a maintainer for Flask-Script while we're at it.
>>  :-)
>> Anyone in touch with Dan Jacob to get PyPI transferred (or have another
>> method)?
>>
>> Ron
>>
>>
>> On Fri, Feb 3, 2012 at 6:17 PM, Brice Leroy <bbrriiccee@gmail.com> wrote:
>> > Looks really good, not sure a pull request is worth it... you look like
>> a
>> > good candidate to become the main repository :)
>> >
>> >
>> > 2012/2/1 Zach Williams <hey@zachwill.com>
>> >>
>> >> Awesome work, Simon.
>> >>
>> >> Zach
>> >>
>> >>
>> >> On Wed, Feb 1, 2012 at 7:02 AM, Ishbir Singh <webmaster@ishbir.com>
>> wrote:
>> >>>
>> >>> Hey,
>> >>>
>> >>> I think what you're doing is great work. Keep it up! I myself have
>> had to
>> >>> use flask-wtf from time to time.
>> >>>
>> >>>
>> >>> On 1 February 2012 04:00, Simon Zimmermann <simonz05@gmail.com>
>> wrote:
>> >>>>
>> >>>> Hi,
>> >>>>
>> >>>> I've forked and update the Flask-WTF extension. Anyone interested
>> >>>> is free to review, and if bothered, give me some feedback.
>> >>>>
>> >>>> I think the extension has been left inactive by Dan Jacob for a
>> >>>> ~year now and I wanted to use it for a project. So I took the
>> >>>> freedom to do some cleaning.
>> >>>>
>> >>>> Package is at https://github.com/simonz05/flask-wtf
>> >>>>
>> >>>> # Brief description of changes
>> >>>>
>> >>>>    - In general the extension tries to do less, and we don't try
>> >>>>      to import everything wtforms has to offer. The extension
>> >>>>      code was reduced to just 214 lines, from 294 lines.
>> >>>>
>> >>>>    - The main functionality is a Form class which is a subclass
>> >>>>      of wtforms.ext.csrf.SecureSessionForm.
>> >>>>
>> >>>>    - Depends on wtforms-0.6.4dev.
>> >>>>
>> >>>>    - The extension follows the new flask ext package structure
>> >>>>      guidelines.
>> >>>>
>> >>>>    - Updated about 50% of the tests to make them more isolated
>> >>>>      and correct.
>> >>>>
>> >>>>    - Documentation was updated to reflect the changes to the
>> >>>>      library.
>> >>>>
>> >>>> # TODO
>> >>>>
>> >>>>    - Update examples.
>> >>>>
>> >>>>    - Typos in documentation
>> >>>>
>> >>>>    - Fix HTML5 tests/package.
>> >>>>
>> >>>> Furthermore, some of the things provided by this extension
>> >>>> should really be pushed to wtforms or just left out completly.
>> >>>> Recaptcha doesn't do anything flask-specific so it could be
>> >>>> provided by wtforms. HTML5 widgets fit into that category as
>> >>>> well.
>> >>>
>> >>>
>> >>>
>> >>>
>> >>> --
>> >>> Regards,
>> >>> Ishbir Singh
>> >>>
>> >>
>> >
>> >
>> >
>> > --
>> > blog: http://www.debrice.com
>> > Time tracking tool: http://alpha.kaaloo.com
>> > Django site generator: http://alpha.djangogenerator.com
>> > linkedin: http://www.linkedin.com/in/bricepleroy
>> >
>>
>
>