0

I have an InterField, that validates if a number is between the values 0 and 99. For some reason it never validates. I have a feeling it is related to the FieldList and ther way I iterate over it in the template, but can't seem to get it working.

The form:

class dpiaImpactAnalysisForm(Form):

    severity_score = IntegerField("Severity Score"), 
        validators=[NumberRange(min=0, max=99, message="Please provide a valid number")]))
    identifiability_score = IntegerField("Identifiability Score"),
        validators=[NumberRange(min=0, max=99, message="Please provide a valid number")]))


class dpiaThreatAnalysisForm(Form):

    impact = FieldList(FormField(dpiaImpactAnalysisForm), min_entries=1)

In views I append the entries dynamically as required:

@app.route('/dpia/analysis/<project_id>', methods=["GET", "POST"])
def analysis(project_id):

    form = dpiaThreatAnalysisForm()

    prim = Assets.query.filter_by(selected=True, primary=True).all()
    primary_assets = list(map(vars, prim))

    ev = Events.query.all()
    events = list(map(vars, ev))

    # add fields to the form...
    for z in range(len(prim) * len(ev)):
        form.impact.append_entry()

    supp = Assets.query.filter_by(selected=True, primary=False).all()
    supporting_assets = list(map(vars, supp))

    ths = Threats.query.all()
    threats = list(map(vars, ths))

    # add fields to the form
    for z in range(len(ths) * len(supp)):
        form.likelihood.append_entry()

    if form.is_submitted():
        print "submitted"
    if form.validate():
        print "valid"
    print form.errors

    if form.validate_on_submit():
        # This is never printed:
        app.logger.info("success!!")
        pprint(form.likelihood)

    return redirect(url_for(next_step, project_id=project_id))
return render_template('analysis.html', form=form, threats=threats, supporting_assets=supporting_assets, primary_assets=primary_assets, events=events)

In the template I iterate over a list primary_assets in a list events, and add the fields per iteration:

{% for val in events %}
   {% if not counter or loop.index0 == 0 %}
      {% set counter = [] %}  <!-- loop hack !-->
   {% endif %}
   <strong>Event: {{ val.name }}</strong><br />
   Jeopardizes: {{ val.jeopardizes }}<br />

   {% for pa in primary_assets %}
       <strong>{{ pa['name'] }}</strong><br />
       {{ form.impact[counter|length].identifiability_score(placeholder='') }} <br />
       {{ form.impact[counter|length].severity_score(placeholder='') }} 
       {{ form.impact[counter|length].hidden_tag() }} 
       {% if counter.append('1') %}{% endif %}
   {% endfor %}
{% endfor %}

The hidden_tag() doesn't work either. Normally I iterate of the forms with with something like 

 {% for impact in form.impact %}
     {{ impact.form.hidden_tag() }}
     # do cbg
  {% endfor %}

and that works, that's why I believe it's my manual looping that spoils it...

EDIT 2 march, 17:26

After some testing, I found that using

severity_score = IntegerField("Severity Score", validators=[Optional(), NumberRange( min=0, max=9999999999, message="Please provide a valid number")])

works (if I set min=50 I get an error when inserting a number below 50), however, the CSRF is still not getting passed.

{{ form.impact[counter|length].hidden_tag() }} or {{ form.impact[counter|length].form.hidden_tag() }} both don't work :(

I'm getting: {'impact': [{'csrf_token': ['CSRF token missing']}, {'csrf_token': ['CSRF token missing']}]}

EDIT 18:22

It seems that this: Form validation fails due missing CSRF is the solution. Investigating...

Community
  • 1
  • 1
puredevotion
  • 1,135
  • 1
  • 11
  • 27
  • What is `form` and what is `bananas`? – dirn Mar 02 '15 at 16:23
  • @dirn see edit above. in the for-loop I iterate over the `fieldlist(formfield())` (`impact` comes from `dpiaThreatAnalysisForm`) – puredevotion Mar 02 '15 at 16:30
  • I was referring to the references in your views. You shared *some* of your code, but a lot of important stuff seems to be missing. You consume variables that are never defined. It's quite possible that `form` isn't being instantiated correctly, but until we see the whole view, it's hard to know. – dirn Mar 02 '15 at 16:46
  • @dirn added more view code. – puredevotion Mar 02 '15 at 17:10
  • Do you include the CSRF token in your form? – dirn Mar 02 '15 at 20:25
  • The hidden-tag() takes care of that – puredevotion Mar 02 '15 at 20:28
  • Is `hidden_tag()` actually including it? Are you sure you don't need `form.hidden_tag()` instead of things like `impact.form.hidden_tag()` and `form.impact[...].hidden_tag()`? – dirn Mar 04 '15 at 00:09
  • this got fixed by the `CsrfProtect(app)` line, that in previous versions of WTforms wasn't needed... – puredevotion Mar 04 '15 at 13:35

1 Answers1

0

This: Form validation fails due missing CSRF is the solution.

In previous versions this wasn't needed, and after an installation of a new extension pip updated flask-wtf as well...

Community
  • 1
  • 1
puredevotion
  • 1,135
  • 1
  • 11
  • 27