librelist archives

« back to archive

Flask-WTForms "csrf_token missing" when using SelectMultipleField

Flask-WTForms "csrf_token missing" when using SelectMultipleField

From:
Bouni
Date:
2013-05-03 @ 14:13
Hi,

i try to use a SelectMultipleField within a form, but get an "csrf_token 
missing" when i do so.
Without everything works fine.

Here is the code:
----------------------------------------------
class MultiCheckboxField(SelectMultipleField):
widget = widgets.ListWidget(prefix_label=False)
option_widget = widgets.CheckboxInput()

class EditUserForm(Form):
id = HiddenInteger('id')
user = TextField('user', validators = 
[validators.Required(),validators.Length(min=3, max=25)])
roles = MultiCheckboxField('roles', validators = 
[validators.Required()], coerce=int)

@app.route('/edit/user/<int:id>', methods=['GET','POST'])
@permission_admin.require(401)
def edit_user(id):
form = EditUserForm()
user = User.query.get(id)
form.roles.choices = [(id, role.capitalize()) for id, role in 
Role.query.with_entities(Role.id,Role.role).all()]
form.roles.default = [role.id for role in user.roles]
form.process() # process form before assign other data, otherwise data 
gets removed
form.id.data = user.id
form.user.data = user.name
if form.validate_on_submit():
app.logger.debug("Success")
else:
if form.is_submitted():
app.logger.debug(form.errors)
return render_template('edit_user.html', form=form)
----------------------------------------------

Here the template:
----------------------------------------------
<form action="" method="post" name="edit_user">
{{ form.hidden_tag() }}
{{ form.id }}
<table>
<thead>
<tr>
<th>Username</th>
<th>Berechtigungsstufen</th>
</tr>
</thead>
<tr>
<td class="user-name">{{ form.user }}</td>
<td class="user-roles">{{ form.roles(class_='edit-checkboxes') }}</td>
</tr>
{% if form.errors %}
<tr>
<td class="user-name">
{% for error in form.errors.user %}
<span style="display: block; color: red;">{{ error }}</span><br>
{% endfor %}
</td>
<td class="user-roles">
{% for error in form.errors.roles %}
<span style="display: block; color: red;">{{ error }}</span><br>
{% endfor %}
</td>
</tr>
{% endif %}
</table>
----------------------------------------------

The debugger says:
----------------------------------------------
DEBUG in web [web.py:263]:
{'csrf_token': [u'CSRF token missing']}
----------------------------------------------

When I inspect the HTML, I see that the csfr_token is there:
----------------------------------------------
<form action="" method="post" name="edit_user">
<div style="display:none;"><input id="csrf_token" name="csrf_token" 
type="hidden" 
value="20130503162651##005455b63501594e9465216be0f491d277f801f6"></div>
----------------------------------------------

Possibly i've already found the answer here:

http://stackoverflow.com/questions/15649027/wtforms-csrf-flask-fieldlist#answer-15651474

But i simply don't understand the problem :-)
Hope anybody can help me with this issue.

regards

Elias