[Flask] Form with no validators failing validation

Alex Hall ahall at autodist.com
Mon Apr 25 15:01:18 EDT 2016 

I had it off, but was already using form.hidden_tag() anyway. I just turned
it on, but got the same result. Good thought--I wouldn't have even
considered CSRF--but sadly it didn't seem to make a difference.

On Mon, Apr 25, 2016 at 2:54 PM, Anthony Ford <ford.anthonyj at gmail.com>
wrote:

> I'm about to board a flight, so forgive the short message and lack of
> links, but do you have csrf enabled? If so, there's a chance you might be
> running into that. You can force disable it in your form model and see if
> that resolves it, or you can include the form.hidden_tags in your template.
>
> I may have the spelling or capitalization wrong, so check the flask-wtf
> docs for details.
>
> --Anthony
> On Apr 25, 2016 2:49 PM, "Alex Hall" <ahall at autodist.com> wrote:
>
>> Hi list,
>> As the subject says, my form is doing something odd. Though I've defined
>> no validators for it at all, it's suddenly failing validation. I've tried
>> validate() and validate_on_submit() with no change. My form is quite simple:
>>
>> class OrderSearchForm(Form):
>>  orderNumber = StringField("orderNumber")
>>  #orderNumber = StringField("orderNumber", validators=[Length(-1, 7, "If
>> you enter an order number, it must be 5 or 7 characters.")])
>>  orderGeneration = IntegerField("orderGeneration")
>>  startDate = StringField("startDate")
>>  endDate = StringField("endDate")
>>  hiddenStartDate = HiddenField("hiddenStartDate")
>>  hiddenEndDate = HiddenField("hiddenEndDate")
>>  maxResults = StringField("maxResults")
>>  hasErrors = BooleanField("hasErrors")
>>  users = SelectMultipleField("Users", choices=[(u, u) for u in userNames])
>>  locations = SelectMultipleField("warehouses", choices=[(l, l) for l in
>> locations])
>>
>> I've defined usernames and locations already. When I output the field
>> values, I see that my hidden date fields have values while my visible ones
>> don't, and that everything else is fine--empty if I didn't enter data,
>> presenting the text entered or options selected if I did anything to that
>> field. That is, the form data seems to be passing back to the function with
>> no problem, but it always fails. Here's my function:
>>
>> @app.route("/orderSearch", methods=searchMethods)
>> def orderSearch():
>>  searchForm = OrderSearchForm()
>>  #now that the form is constructed, we can set the label text properties
>> of the elements
>>  searchForm.orderNumber.label.text = "Order number to search for"
>>  searchForm.orderGeneration.label.text = "Order generation (leave blank
>> for all generations)"
>>  searchForm.startDate.label.text = "Starting date of search"
>>  searchForm.endDate.label.text = "End date of search"
>>  searchForm.maxResults.label.text = "Maximum results to return"
>>  searchForm.locations.label.text = "choose locations to include"
>>  searchForm.users.label.text = "user accounts to include"
>>  searchForm.hasErrors.label.text = "Only orders with errors"
>>
>>  if request.method != "POST":
>>   print "Returning rendered template. Validated: %s. Method: %s."
>> %(searchForm.validate(), request.method)
>>   return render_template("search.html", form=searchForm, title="Order
>> Search")
>>  elif not searchForm.validate_on_submit():
>>   print "Form failed validation."
>>   orderNumber = request.form.get("orderNumber", None)
>>   orderGeneration = request.form.get("orderGeneration", None)
>>   errorsOnly = bool(request.form.get("hasErrors", False))
>>   locations = request.form.getlist("locations", None)
>>   users =request.form.getlist("users", None)
>>   startDate = request.form.getlist("startDate", None)
>>   endDate = request.form.getlist("endDate", None)
>>   hiddenStartDate = request.form.getlist("hiddenStartDate", None)
>>   hiddenEndDate = request.form.getlist("hiddenEndDate", None)
>>   maxResults = request.form.getlist("maxResults", None)
>>   print "Number: {number}\nGeneration: {generation}\nLocations:
>> {locations}\nUsers: {users}\nErrors Only: {errorsOnly}\nStart Date:
>> {startDate}\nEnd Date: {endDate}\nHidden Start Date:
>> {hiddenStartDate}\nHidden End Date:
>> {hiddenEndDate}".format(number=orderNumber, generation=orderGeneration,
>> locations=locations, users=users, errorsOnly=errorsOnly,
>> startDate=startDate, endDate=endDate, hiddenStartDate=hiddenStartDate,
>> hiddenEndDate=hiddenEndDate)
>>   return json.dumps(
>>    { "errors": [
>>     {"Number": 0, "Message": "The form failed validation."}
>>    ]}
>>   )
>>  else: #the form was posted, and passed validation, so return the JSON
>>   print "Returning JSON."
>>   orderNumber = request.form.get("orderNumber", None)
>>   orderGeneration = request.form.get("orderGeneration", None)
>>   errorsOnly = bool(request.form.get("hasErrors", False))
>>   locations = request.form.getlist("locations", None)
>>   users =request.form.getlist("users", None)
>>   maxResults = request.form.getlist("maxResults", None)
>>   print "Number: {number}\nGeneration: {generation}\nLocations:
>> {locations}\nUsers: {users}\nErrors Only:
>> {errorsOnly}".format(number=orderNumber, generation=orderGeneration,
>> locations=locations, users=users, errorsOnly=errorsOnly)
>>   print request.form.hiddenStartDate
>>   print request.form.hiddenEndDate
>>   results = []
>>   for result in DBInterface.getOrderDetails(orderNumber=orderNumber,
>> orderGeneration=orderGeneration, locations=locations, users=users,
>> errorsOnly=errorsOnly, limit=maxResults):
>>    results.append({
>>     "username": result.user,
>>     "orderNumber": result.reference_3[:5],
>>    "orderGeneration": result.reference_3[5:7],
>>    "computer": result.computer,
>>     "errors": result.reference_9
>>    })
>>   return json.dumps(results)
>>
>> The only thing I've changed recently is the addition of the date fields,
>> the visible two of which are tied via JS to JQueryUI date pickers and the
>> hidden two of which are those pickers' altFields. They seem to work fine,
>> though. I'm not sure why it would keep failing like this; again, there are
>> no validators at all. I've killed the Flask server and restarted it, just
>> to check that something odd wasn't going on there, but that didn't do
>> anything. Is there anything else I could do? Any other code you'd need to
>> see?
>>
>> --
>> Alex Hall
>> Automatic Distributors, IT department
>> ahall at autodist.com
>>
>> _______________________________________________
>> Flask mailing list
>> Flask at python.org
>> https://mail.python.org/mailman/listinfo/flask
>>
>>


-- 
Alex Hall
Automatic Distributors, IT department
ahall at autodist.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/flask/attachments/20160425/e37bf6ec/attachment.html>

More information about the Flask mailing list