Flask validation OR that would have been nice to know!

I’m building some sample sites to display my python skills. In one site, I’m building a app using Flask as the framework to show the web pages. In this page, I need to enter a username that will be used to collect some data from another site. Before I start writing the function to collect and massage the data, I want to be sure I could capture the username entered. I think “No problem”. The Flask module has several examples and tutorials on how to build a form and validate the data entered. I set it up … and it does not work.

I want to set up the same form in two places: as a form field in a navigation bar and as a separate form page, in case there was a problem using the original form field. In the navigation bar, I set up a simple form with one field, the username. The form would send the HTTP request to a submit page, where the form would be validated and sent back to the original form page with an additional  message OR stop and display the full form again in the same separate page (in case someone clicked the submit button in the nav bar without filling in the form field). In both forms, I was sent to the submit page, even after filling out the form field. The form data was never validated in the submit page, so that submit page was redrawn. Why?

I thought there was something wrong with the HTML generated by the flask templates, so I reviewed that HTML. It was fine. I figured out how to include bootstrap classes into flask forms, so that review was helpful. However, I was still stuck on the submit page. I thought there was something wrong with the HTML names and ids of the forms and form fields, but no. Everything was named properly. I reviewed my flask tutorial and the FlaskForm and flask-wtf module documentation pages. My forms.py and views.py pages were set up properly. Wait … What’s this bit about CSRF (cross site request forgery) tokens included in flask forms? That’s nice to use eventually, but I’m doing local testing. Why should I care about CSRF checking?

It turns out that the hidden CSRF field generated by a flask form is what is used to validate the form itself. If the CSRF field is not included in the original form, the form will never validate. That would have been nice to know.

I found one line in the (old) tutorial I used from Miguel Grinberg that says “The SECRET_KEY setting is only needed when CSRF is enabled, and is used to create a cryptographic token that is used to validate a form.” That line does not appear in sections describing form templates or form views, but at the top section describing configuration. I read nothing that confirms this in the flask docs or the flask-wtf docs. However, it appears to be true. The flask CSRF token is required to validate the form. No CSRF token:  no validation. A day and a half wasted.

Advertisements

nice to know: python imports

I am writing a Python command line app that cleans up data scraped from a web page and imports that data into associated tables inside a MySQL database. The top level of the directory holding the python files is getting crowded. I wanted to move the dependent modules into a directory and import those modules into the main file. I find out that I need to add that child directory into a sys.path list before I can import the modules. That’s good to know, but it’s too much for a command line script.

See here for more info:

error on part 0 of Ansible install

I’ve mentioned that I decided to use Ansible for my server configuration management. This installation has finally bubbled up as the first item on my to-do list. I looked around to see how to install it. Since I already have Homebrew installed on my mac, I saw two options:

  1. > brew install ansible
  2. > pip3 install ansible

I did not know any reason why these would be different, so I went ahead and ran ‘> brew install ansible’. That was a mistake. Ansible lists Python 2 as a dependency, which is not included in my Homebrew installation. Homebrew installs Python 2.7.13. I also have Python 3 running (3.6.2). I also found out there’s a third version of Python (2.7.10) which is part of the default installation in my laptop. 3 versions of Python on one machine. Wonderful!

I created a /etc/ansible/hosts file and did a test ping, which returns UNREACHABLE. That makes no sense, but I think I have to use some command line options to use the correct account.

Also, I don’t know which version of ansible is running. I may want to remove the Homebrew version and figure out how to use the python3 version. What a mess.

After a day of thought, I decided to check a few things:

> ansible —version

> ansible 2.3.2.0 (good)

… python version = 3.6.2 (what? Why not 2.7.13 or 2.7.10? Interesting.)

I checked the documents page at ansible.com. They say that ansible can run with python3 in one of two ways:

  1. > python3 <path/to/ansible> localhost -m ping
  2. > ansible localhost -m ping -e ‘ansible_python_interpreter=<path/to/python3>

To see what happens, I also tried

  1. > ansible localhost -m ping

It turns out all return good pings from localhost, so … I guess my installation is OK. Even so, next time, avoid using Homebrew for ansible installations.

Server automation, part 0

My infrastructure is slowly getting bigger, in spite of everything I do. I decided to research the current CI tools to decide what would be useful to use and what a potential employer would find useful. I’m trying to avoid learning another language. Puppet and Chef were ideas I was considering, but the need to become familiar with another language (Ruby) made me look at other options. On the other hand, I need to relearn Ruby anyways if I’m going to use Capistrano for deployment to remote servers. One thing at a time.

So far, I’m going round and round with Ansible and Salt, both in the Python universe. I’ve also run across something called StackStorm, which could be a possibility. (IFTTT for servers OR “event-driven automation”.) I’ll need to look at that another time to make valid decisions about that.

So far, it looks like Ansible would be easier to use, except for one issue. I’m still unclear if Ansible is useful with Python 3. I know that Ansible 2.2+ does run with Python 3, but it’s unclear if any related Ansible modules I might use are also compatible with Python 3.

I should probably try out at least two applications. For now, I’m going to try out Ansible.

Python errors: I should have known that

I needed to write some data to a MySQL database. I set up the MySQL Python connector without any real trouble. I tested it in a tiny Python page and it does connect to the correct database. Great!

I moved the connection code to a function on a new page and ran into trouble. I kept seeing a message saying something about “Reference error: weakly-referenced object no longer exists”. After a detour into weak references, I realized the issue was garbage collecting. Somewhere within my function, I had a object that was disappearing.

The connection function had no parameters. A connection object local to the function was created and the resulting cursor was returned. You should see the problem immediately. The connection object what the item that was disappearing. I rewrote the function to send back the connection object and then extract the cursor from the returned object. That error message went away.

I had another strange problem where updating a field was not allowed because of a type mismatch. I’m used to PHP, where weak or loose types are the norm. Once I realized that data going into the MySQL table also needs to match the correct type expected by the MySQL column, my problem is solved.

MySQL or PostGres? Why not both? Well …

I have some mini-projects that I would like to move off my laptop and onto the internet for further testing. Almost all my projects involve web-enabled databases, so I need to set up databases to handle the data used by the websites. For now, I want to stay away from NoSQL, which I something I don’t know yet. In that case, which to choose, MySQL or PostGres?

I’ve used MySQL forever. I think my first MySQL book (which I rarely use any more) discusses MySQL 3. I’ve appreciated the transition to MySQL 4, then 5. I know what it does. I have no trouble setting up MySQL PDO statements in PHP. I’m familiar with the MySQL Python modules and can also connect that way, too. However …

MySQL is owned by Oracle. Ever since it was bought by them, there has been an underlying question about how much support the community (free) edition would receive. Oracle’s latest financial snapshot came out recently (June 2016). They made most of their money with their cloud offering, as I understand it. They made no money in support or development. You have to wonder how much longer MySQL will keep going before it stagnates. I could move over to MariaDB, the “open source” version of MySQL, as strange as that sounds. I’m thinking that if I’m going to use a MySQL copy, why not use MySQL?

A few years ago, I took a Saas class through a Berkeley MOOC (CS 169, Agile Development Using Ruby on Rails). They set up accounts on Github and Heroku for their students. I liked how easy it was to migrate code and data onto the cloud using both platforms. My problem at the time was that I was not familiar with them, so it was one more thing I had to learn quickly while taking the class. Ruby favors Postgres as the database and Heroku made it easy to move the data through the command line interface installed through their app. If I’m going to host my projects on the cloud, then I should stick to what makes it easy.

However, I’m very familiar with MySQL. It’s easy to install. I know how to do basic hardening of the database. It’s easy to read/write to MySQL from PHP, using proper credentials. I’m starting over with Postgres. The stock version of PHP that comes with El Capitan does not handle PDO calls to Postgres by default. I have to compile them myself. Which Postgres do I install? Is Postgres.app really that much better? So many questions that I need to answer.

And now I’m looking at cloud services in addition to Heroku. AWS Elastic Beanstalk to use with Docker. Digital Ocean (super cheap). Linode (not as cheap, but I have considered them before.) Hmm …

Catching up with Python

I always forget that major software upgrades in OS X reset permissions in /usr/local. When I checked my brew install, I saw that message. I played around with write permissions only, but in the end, did what brew recommended and reset the permissions as described. That allowed me to update brew and move on to the next task: updating Python3.

I was not as far back as I expected. I was sitting on Python 3.4. The upgrades went smoothly and I’m back to Python 3.5.1. I thought I had modules installed, but I’m not getting any list of local modules installed. It’s very possible, since I never did much with on the desktop. That will be the next task.