Flask validation OR that would have been nice to know!

I’m building some sample sites to display my Python skills. In one site, I’m building an app using Flask as the framework to show the web pages. In this page, I need to enter a username that will be used to collect some data from another site. Before I start writing the function to collect and massage the data, I want to be sure I could capture the username entered. I think “No problem”. The Flask module has several examples and tutorials on how to build a form and validate the data entered. I set it up … and it does not work.

I want to set up the same form in two places: as a form field in a navigation bar and as a separate form page, in case there was a problem using the original form field. In the navigation bar, I set up a simple form with one field, the username. The form would send the HTTP request to a submit page, where the form would be validated and sent back to the original form page with an additional message OR stop and display the full form again in the same separate page (in case someone clicked the submit button in the nav bar without filling in the form field). In both forms, I was sent to the submit page, even after filling out the form field. The form data was never validated in the submit page, so that submit page was redrawn. Why?

I thought there was something wrong with the HTML generated by the Flask templates, so I reviewed that HTML. It was fine. I figured out how to include Bootstrap classes into Flask forms, so that review was helpful. However, I was still stuck on the submit page. I thought there was something wrong with the HTML names and ids of the forms and form fields, but no. Everything was named properly. I reviewed my Flask tutorial and the FlaskForm and flask-wtf module documentation pages. My forms.py and views.py pages were set up properly. Wait … What’s this bit about CSRF (cross-site request forgery) tokens included in Flask forms? That’s nice to use eventually, but I’m doing local testing. Why should I care about CSRF checking?

It turns out that the hidden CSRF field generated by a Flask form is what is used to validate the form itself. If the CSRF field is not included in the original form, the form will never validate. That would have been nice to know.

I found one line in the (old) tutorial I used from Miguel Grinberg that says “The SECRET_KEY setting is only needed when CSRF is enabled, and is used to create a cryptographic token that is used to validate a form.” That line does not appear in sections describing form templates or form views, but at the top section describing configuration. I read nothing that confirms this in the Flask docs or the flask-wtf docs. However, it appears to be true. The Flask CSRF token is required to validate the form. No CSRF token: no validation. A day and a half wasted.

PHP Frameworks: choosing one

I have a small project that I need to demo. I also want to learn PHP frameworks to get me in the right frame of mind to examine Ruby/Rails and/or Python/Django. From what I’ve found there are several PHP frameworks to choose from:

  • Zend Framework 2/3
    • It looks nice. It would not surprise me if it ties strongly into Zend Studio, which I don’t use. I don’t enjoy learning too many things at once, so I’ll pass.
  • CodeIgniter 2.2
    • Also a possibility, but it seems to allow too much. MVC encouraged, but not forced. Simple templating allowed, but add-ons built to allow work with templating engines. This time, I do want to see a framework’s creation of MVC. Maybe next time.
  • Symfony
    • I like the idea of having a framework and stand-alone components (if needed). However, I see Twig used as the template engine. I am comfortable with Smarty and want to learn one new thing at a time. Maybe next time.
  • Laravel
    • This looks really good. It uses “Eloquent”, which is an ActiveRecord (Ruby/Rails) implementation in PHP. ActiveRecord makes CRUD so much easier.
    • It uses migrations. That’s a concept I first saw in Ruby/Rails, which acts something like version control for databases. Very, very cool for testing.
    • On the other hand, it uses the Blade template engine. I’ll deal with a new template engine another time.
    • Mcrypt required as part of the list of running PHP extensions. My stock version of PHP does not have Mcrypt installed. Installing it seems like a pain, so I’ll pass this time.

I’m going to try CakePHP for this small project. It has the MVC framework that I’ve used informally in the past. It can integrate nicely (I’m told) with Smarty. All I need to do now is install it.

Ruby/Rails training book suggestions

This list was first collected in February 2014, so it could probably stand some updating. My original list says to consider the following books:

I also have a note to myself to ignore the O’Reilly Ruby books. I don’t know why I wrote that note any more.

I also don’t know why the Agile book (Agile Web Development with Rails 4) is not considered.

I also heard about this website (http://learnrubythehardway.org/book/intro.html) which may be added to an updated list.

It’s probably time to update the list.