简介
帮助我们在HTML中快速生成form标签,同时还可以对用户提交的form请求的数据进行验证。
安装
pip3 install wtforms
使用
创建对象:构建form标签
class LoginForm(Form): name = fields.simple.StringField( label="用户名", validators=[ validators.DataRequired(message="用户名不能为空"), ], widget=widgets.TextInput(), render_kw={"placeholder": "请输入用户名"} ) password = fields.simple.PasswordField( label="密码", validators=[ validators.DataRequired(message="密码不能为空"), validators.Length(min=8, message='用户名长度必须大于%(min)d'), validators.Regexp(regex="^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[$@$!%*?&])[A-Za-z\d$@$!%*?&]{8,}", message='密码至少8个字符,至少1个大写字母,1个小写字母,1个数字和1个特殊字符') ], render_kw={"placeholder": "请输入密码"} )
实例化对象,进行模板渲染
# 实例化 form = LoginForm() # HTML {{ form.name.label }} 获取label值 {{ form.name }} 获取input标签 {{form.name.errors[0]}} 获取错误信息 # 标签比较多的,可以循环form {% for foo in form %} <div>{{ foo.label }}:{{ foo }} {{ foo.errors[0] }}</div> {% endfor %}
实例化对象,进行数据验证
form = LoginForm(POST提交的数据) if form.validate(): # 满足条件, 获取数据 data = form.data else: # 有错误 errors = form.errors
钩子
自定义钩子函数
# validate_字段名 def validate_name(self, field): # 定义自己的验证 if not field.data.startswith("a"): raise validators.ValidationError("用户名必须以a开头")
CSRF
from wtforms.csrf.core import CSRF from hashlib import md5 class MyCSRF(CSRF): """ Generate a CSRF token based on the user's IP. I am probably not very secure, so don't use me. """ def setup_form(self, form): self.csrf_context = form.meta.csrf_context() self.csrf_secret = form.meta.csrf_secret return super(MyCSRF, self).setup_form(form) def generate_csrf_token(self, csrf_token): gid = self.csrf_secret + self.csrf_context token = md5(gid.encode('utf-8')).hexdigest() return token def validate_csrf_token(self, form, field): print(field.data, field.current_token) if field.data != field.current_token: raise ValueError('Invalid CSRF') class LoginForm(Form): ...... class Meta: csrf = True csrf_field_name = 'csrf_token' csrf_secret = 'sldfjkjdl' csrf_context = lambda x: request.url csrf_class = MyCSRF # html {{ form.csrf_token }}