Goals:

• 學(xué)習(xí)使用WTForms.
• 學(xué)習(xí)使用Flask-WTF
• 學(xué)習(xí)使用如何寫Flask插件.
• 學(xué)習(xí)什么是CSRF(待完成).
• 學(xué)習(xí)flask中的redirect.

Part1 WTForms --- A Quick Start.

Let's begin from A mini example.

# flask_wtf_demo.py
from flask import Flask, render_template
from flask_wtf import Form
from wtforms import StringField, SubmitField
from wtforms.validators import DataRequired

app = Flask(__name__)
app.config['SECRET_KEY'] = "salt river"

class MyForm(Form):
    name = StringField("what's your name", validators=[DataRequired()])
    submit = SubmitField('Submit')

@app.route('/index', methods=('GET', 'POST'))
def submit():
    name = None
    form = MyForm()
    if form.validate_on_submit():
        name = form.name.data 
        form.name.data = ''
    return render_template('index.html', form=form, name=name)

if __name__ == '__main__':
    app.run(debug=True)

<!DOCTYPE html>
<html>
<head>
    <title>Flask-WTF Demo</title>
</head>
<body>
    <form method="POST">
        {{ form.hidden_tag() }}
        {{ form.name.label }} {{ form.name() }}
        {{ form.submit() }}
    </form>

    {% if not name %}
    <p>Hello, Stranger.</p>
    {% else %}
    <p>Hello, {{name}}</p>
    {% endif %}
</body>
</html>

Part2 Flask-WTF

下面我們一起來追蹤一下程序執(zhí)行流程，重點(diǎn)關(guān)注，flask.request, session, current_app中的信息是怎么與插件交互的. 當(dāng)我們執(zhí)行完這段代碼時(shí)候（此時(shí)request還沒有到來）:

class MyForm(Form):
    name = StringField("what's your name", validators=[DataRequired()])
    submit = SubmitField('Submit')

實(shí)際上MyForm的metaclass（wtforms中的FormMeta類）已經(jīng)在定義類的時(shí)候干了很多事情了.具體干了哪些事呢？我們暫時(shí)只關(guān)注結(jié)果就行了. 查看MyForm.name, 和MyForm.submit中的內(nèi)容.

• MyForm.name ---> <UnboundField(StringField, ("what's your name",), {'validators': [<wtforms.validators.DataRequired object at 0x10310cc10>]})>
• MyForm.submit ---> <UnboundField(SubmitField, ('Submit',), {})>
  從字面意思來理解就是未被綁定的Field.因?yàn)檫€沒有與具體的request/app中的Form進(jìn)行綁定.當(dāng)我們直接初始化form = MyForm()時(shí)， 會(huì)出現(xiàn) "RuntimeError: working outside of application context."原因在于，在flask_wtf.Form中的init函數(shù)中:

        if csrf_enabled is None:
            csrf_enabled = current_app.config.get('WTF_CSRF_ENABLED', True)

current_app并沒有push到Request_Context中.
下面我們?cè)诿钚兄凶鱿旅娴膶?shí)驗(yàn):

$python -i flask_wtf_demo.py
>>>#模擬"GET"方法.
>>>ctx=app.test_request_context('127.0.0.1:5000/index')
>>>form = MyForm()
>>>form.name.data  # None
>>>form.validate()
False
>>>form.errors
...
>>>form.name.label()
u'<label for="name">what\'s your name</label>'
>>>form.name()
u'<input id="name" name="name" type="text" value="">'
>>>ctx.pop()

對(duì)應(yīng)到flask_wtf源碼中就是Form.init中:

        if formdata is _Auto:
            if self.is_submitted():
                ...
            else:
                formdata = None # <------

因?yàn)闉?GET"方法所以formdata為None.
另一個(gè)實(shí)驗(yàn),在命令行中測(cè)試"POST"方法:

>>>ctx = app.test_request_context('127.0.0.1:5000/index', method='POST', data={'name': 'saltriver'})
>>>ctx.push()
>>>form=MyForm(csrf_enabled=False)
>>>form.validate()
True
>>>form.validate_on_submit()
True

于是我們便可以對(duì)form進(jìn)行處理了.

Part 3 Redirect重定向.

@app.route('/', methods=('GET', 'POST'))
def submit():
    name = None
    form = MyForm()
    if form.validate_on_submit():
        session['name'] = form.name.data
        return redirect(url_for('submit'))
    return render_template('index.html', form=form, name=session.get('name'))

下面看看redirect的實(shí)現(xiàn).