My question is very similar to this but unfortunately the solution does not work for me.

I have created a web app and there is a 'Login as User' button which should redirect the user to a login form.

The app.py file looks like:

@app.route('/', methods=['GET', 'POST'])
def index():
    if request.method == 'POST':
        if request.form['action'] == 'Login as Guest':
            create_user(request, session)
        elif request.form['action'] == 'Login as User':
            return redirect(url_for('login'), code=307)
        elif request.form['action'] == 'Delete User':
            delete_user(request, session)
        else:
            abort(400, "invalid form")  # abort() takes the HTTP status code first
        return redirect(url_for('start'))

    return render_template('index.html', username=session.get('username'))


@app.route('/login', methods=['GET', 'POST'])
def login():

    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']

    return render_template('login.html', username=session.get('username'))

The login.html form is the following:

<form class="form" action="" method="POST">
    <input type="text" placeholder="Username" name="username">
    <input type="password" placeholder="Password" name="password">
    <input class="btn btn-lg btn-success" name="login" type="submit" value="Login">
</form>

And the index.html form looks like:

<form class="form" action="" method="POST">
    <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
    <input type="submit" name="action" class="btn btn-lg btn-success {% if username == None %}disabled{% endif %}" value="Delete User">
    <input type="submit" name="action" class="btn btn-lg btn-success {% if username %}disabled{% endif %}" value="Login as Guest">
    <input type="submit" name="action" class="btn btn-lg btn-success {% if username %}disabled{% endif %}" value="Login as User">
</form>

Even though I added code = 307 in the return redirect(url_for('login'), code=307) call and the request method is POST, when I click on the Login as User button I get the following error:

Bad Request

The browser (or proxy) sent a request that this server could not understand.

Galil

1 Answer

The reason:

Click on "Login as User" -> go to the index endpoint -> redirect to the login endpoint.

The problem is that when you are redirected to the login endpoint, you can't get your username via request.form['username']; nothing is in your form yet, thus you get the error.

The solution:

There are still some problems in your example:

  • you may specify the action in your template
  • what's the usage for username in login.html?

I'll give you a simple example and hope it helps.

@app.route('/', methods=['GET', 'POST'])
def index():
    ...
    return redirect(url_for('login'))  # no need for code 307
    ...

@app.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'POST':
        username = request.form.get('username')
        password = request.form.get('password')
        if username == 'realusername' and password == 'realpasswd':
            return redirect(url_for('success_login'))  # without return, the login page is rendered again
    return render_template('login.html')

@app.route('/admin')
def success_login():
    return "Login success!"
lord63. j
  • I am afraid this solution does not work. If I remove the code 307 from index() the `request.method` in login() is GET and therefore the code inside the `if request.method == 'POST':` is not executed. – Galil Dec 03 '15 at 10:34
  • Yes, just render the login page and then you post the username and password; if they're right, you're redirected to the admin page. Am I missing anything here? – lord63. j Dec 03 '15 at 10:36
  • `if username == 'realusername' and password == 'realpasswd': redirect(url_for('success_login'))` This code is inside the if statement `if request.method == 'POST':`. Without code 307 the `request.method` is GET, so the `request.method == 'POST'` is false and the code in the if is not executed. The redirection to the admin page will never happen. – Galil Dec 03 '15 at 10:43
  • The redirection from the index endpoint will not hit the if statement the first time, so just render the login page, input your username and password, and click submit. It's a POST request, and if the password and username are right, you'll be redirected to the admin page, right? – lord63. j Dec 03 '15 at 13:27
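
The flow discussed in this thread, as an added example that is not part of the original question, answer or comments: it shows why a 307 replay of the index form body gets a 400 from a strict `request.form[...]` lookup, and how a login view that accepts both GET and POST handles the same input. The `/login-strict` route, the `USERS` table with its constructed account, and the `statuses()` helper are assumptions made for illustration; it goes beyond the answer by checking the password against a salted hash instead of a literal.

```python
from flask import Flask, redirect, request, url_for
from werkzeug.security import check_password_hash, generate_password_hash

app = Flask(__name__)
# Constructed sample account; a real app reads hashes from its user store.
USERS = {"alice": generate_password_hash("correct horse", method="pbkdf2:sha256")}
LOGIN_FORM = ('<form method="POST"><input name="username">'
              '<input type="password" name="password"><input type="submit"></form>')

@app.route("/", methods=["POST"])
def index():
    # Default 302: the browser follows with GET, so /login only shows its form.
    # code=307 would instead re-send this POST body (action=...) to the target.
    return redirect(url_for("login"))

@app.route("/login-strict", methods=["POST"])  # hypothetical route
def login_strict():
    # The question's lookup: a missing key raises BadRequestKeyError -> 400.
    username = request.form["username"]
    return "", 204

@app.route("/login", methods=["GET", "POST"])
def login():
    if request.method == "POST":
        username = request.form.get("username", "")
        password = request.form.get("password", "")
        stored = USERS.get(username)
        # Check against a salted hash rather than a plaintext literal.
        if stored and check_password_hash(stored, password):
            return redirect(url_for("success_login"))
        return LOGIN_FORM, 401  # missing or wrong credentials: show the form again
    return LOGIN_FORM

@app.route("/admin")
def success_login():
    return "Login success!"

def statuses():
    """Status code of each step, via Flask's test client (no server needed)."""
    c = app.test_client()
    replayed = {"action": "Login as User"}  # the body a 307 would forward
    good = {"username": "alice", "password": "correct horse"}
    return {
        "index": c.post("/", data=replayed).status_code,
        "strict_replay": c.post("/login-strict", data=replayed).status_code,
        "login_replay": c.post("/login", data=replayed).status_code,
        "login_get": c.get("/login").status_code,
        "login_ok": c.post("/login", data=good).status_code,
    }
```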