WTForms是一个支持多个web框架的form组件,主要用于生成HTML标签,对用户请求数据进行验证。
安装
pip install wtforms
使用
用户注册示例
from flask import Flask
from flask import request
from flask import render_template
from wtforms import Form
from wtforms.fields import simple
from wtforms.fields import core
from wtforms import validators
app = Flask(__name__)
class RegisterForm(Form):
user = simple.StringField(
label='用户名',
validators=[
validators.DataRequired(message='用户名不能为空'),
validators.Length(min=6, max=16, message='用户名的长度为6-16'),
],
)
pwd = simple.PasswordField(
label='密码',
validators=[
validators.DataRequired(message='密码不能为空'),
validators.Regexp(
regex=r'(?=.*d)(?=.*[a-zA-Z])(?=.*[^a-zA-Z0-9]).{8,16}',
message='密码中必须包含字母、数字、特殊字符,至少8个字符,最多16个字符',
)
],
)
pwd_confirm = simple.PasswordField(
label='确认密码',
validators=[
validators.DataRequired(message='密码不能为空'),
validators.EqualTo('pwd', message='两次密码输入不一致')
],
)
email = simple.StringField(
label='邮箱',
validators=[
validators.DataRequired(message='邮箱不能为空'),
validators.Email('邮箱格式错误'),
]
)
gender = core.RadioField(
label='性别',
choices=[(1,'男'),(2,'女')],
validators = [validators.DataRequired(message='性别不能为空')],
coerce=int # 将提交的字符串类型的数据,转换成int类型
)
city = core.SelectField(
label='城市',
choices=[
('bj','北京'),
('wh','武汉'),
('sh','上海'),
],
validators=[validators.DataRequired(message='城市不能为空')],
)
hobby = core.SelectMultipleField(
label='爱好',
choices=[
(1, '写代码'),
(2, '睡觉'),
(3, '吃饭'),
],
validators=[validators.DataRequired(message='爱好不能为空')],
coerce=int,
default=[1, 2]
)
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
for name, field in self._fields.items():
if name == 'gender':
continue
field.render_kw = {"class":"form-control"}
@app.route('/register', methods=['GET', 'POST'])
def register():
if request.method == "GET":
form = RegisterForm(data={'city': 'bj'})
return render_template('register.html', form=form)
if request.method == 'POST':
form = RegisterForm(formdata=request.form)
if form.validate():
print(form.data)
return '验证成功'
else:
return render_template('register.html', form=form)
if __name__ == '__main__':
app.run()
<!DOCTYPE html>
<html lang="zh-CN">
<head>
<meta charset="UTF-8">
<title>Title</title>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@3.3.7/dist/css/bootstrap.min.css"
integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
<style>
ul{
margin: 0;
padding: 0;
list-style-type: none;
}
</style>
</head>
<body>
<div class="container">
<div class="row">
<form class="form-horizontal col-md-8 col-md-offset-2" action="" method="post" novalidate>
{% for item in form %}
<div class="form-group">
<label for="{{ item.id }}" class="col-sm-2 control-label">{{item.label}}:</label>
<div class="col-sm-10">
{{ item }}
<span style="color: red">{{item.errors.0}}</span>
</div>
</div>
{% endfor%}
<div class="text-center">
<input type="submit" value="提交" class="btn btn-success">
</div>
</form>
</div>
</div>
</body>
</html>
CSRF_token
from wtforms.csrf.core import CSRF
from hashlib import md5
class MyCSRF(CSRF):
def setup_form(self, form):
self.csrf_context = form.meta.csrf_context()
self.csrf_secret = form.meta.csrf_secret
return super().setup_form(form)
def generate_csrf_token(self, csrf_token):
gid = self.csrf_secret + self.csrf_context
token = md5(gid.encode('utf-8')).hexdigest()
return token
def validate_csrf_token(self, form, field):
print(field.data, field.current_token)
if field.data != field.current_token:
raise ValueError('Invalid CSRF')
class LoginForm(Form):
user = simple.StringField(
render_kw={
'class': 'xxx',
'placeholder': '请输入用户名'
},
validators=[
validators.DataRequired(message='用户名不能为空'),
validators.Length(min=6, max=16, message='用户名长度在5-16位')
]
)
pwd = simple.PasswordField(
render_kw={
'class': 'xxx',
'placeholder': '请输入密码'
},
validators=[
validators.DataRequired(message='密码不能为空'),
validators.Regexp(
regex=r'(?=.*d)(?=.*[a-zA-Z])(?=.*[^a-zA-Z0-9]).{8,16}',
message='密码中必须包含字母、数字、特殊字符,至少8个字符,最多16个字符',
)
]
)
class Meta:
csrf = True
csrf_field_name = 'csrf_token'
csrf_secret = 'xxxxxx'
csrf_context = lambda x: request.url
csrf_class = MyCSRF
模板文件中,在form标签内添加一行
{{ form.csrf_token }}
钩子函数
validate_字段名
def validate_user(self, field):
print(field.data)
if field.data != 'xxxxxx':
# raise validators.ValidationError('用户名不是xxxxxx')
# 当前字段不再进行后续规则验证
raise validators.StopValidation('用户名不是xxxxxx')