python組件之wtforms

簡介

  幫助咱們在HTML中快速生成form標籤,同時還能夠對用戶提交的form請求的數據進行驗證。html

安裝

pip3 install wtforms

使用

  建立對象:構建form標籤函數

class LoginForm(Form):
    name = fields.simple.StringField(
        label="用戶名",
        validators=[
            validators.DataRequired(message="用戶名不能爲空"),
        ],
        widget=widgets.TextInput(),
        render_kw={"placeholder": "請輸入用戶名"}
    )
    password = fields.simple.PasswordField(
        label="密碼",
        validators=[
            validators.DataRequired(message="密碼不能爲空"),
            validators.Length(min=8, message='用戶名長度必須大於%(min)d'),
            validators.Regexp(regex="^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[$@$!%*?&])[A-Za-z\d$@$!%*?&]{8,}",
                              message='密碼至少8個字符,至少1個大寫字母,1個小寫字母,1個數字和1個特殊字符')
        ],
        render_kw={"placeholder": "請輸入密碼"}
    )

 

 

  實例化對象,進行模板渲染ui

# 實例化
form = LoginForm()

# HTML
{{ form.name.label }} 獲取label值
{{ form.name }}  獲取input標籤
{{form.name.errors[0]}} 獲取錯誤信息

# 標籤比較多的,能夠循環form
{% for foo in form %}
<div>{{ foo.label }}:{{ foo }} {{ foo.errors[0] }}</div>
{% endfor %}

  實例化對象,進行數據驗證url

form = LoginForm(POST提交的數據)
if form.validate():
    # 知足條件, 獲取數據
    data = form.data
else:
    # 有錯誤
    errors = form.errors

 

鉤子

  自定義鉤子函數spa

# validate_字段名
def validate_name(self, field):
    # 定義本身的驗證
    if not field.data.startswith("a"):
        raise validators.ValidationError("用戶名必須以a開頭")

 

CSRF

from wtforms.csrf.core import CSRF
from hashlib import md5

class MyCSRF(CSRF):
    """
    Generate a CSRF token based on the user's IP. I am probably not very
    secure, so don't use me.
    """

    def setup_form(self, form):
        self.csrf_context = form.meta.csrf_context()
        self.csrf_secret = form.meta.csrf_secret
        return super(MyCSRF, self).setup_form(form)

    def generate_csrf_token(self, csrf_token):
        gid = self.csrf_secret + self.csrf_context
        token = md5(gid.encode('utf-8')).hexdigest()
        return token

    def validate_csrf_token(self, form, field):
        print(field.data, field.current_token)
        if field.data != field.current_token:
            raise ValueError('Invalid CSRF')

class LoginForm(Form):
    ......
    class Meta:
        csrf = True
        csrf_field_name = 'csrf_token'
        csrf_secret = 'sldfjkjdl'
        csrf_context = lambda x: request.url
        csrf_class = MyCSRF

# html
{{ form.csrf_token }}
相關文章
相關標籤/搜索