I have just started using Flask and am trying to create a login form, but flask-wtf / WTForms somehow seems to lose the password field when the form is instantiated from the request. My form looks like this:

    from flask_wtf import Form
    from wtforms import StringField, PasswordField
    from wtforms.validators import DataRequired

    class LoginForm(Form):
        name = StringField('name', validators=[DataRequired()])
        password = PasswordField('password', validators=[DataRequired()])

        def validate_password(self, field):
            print "password field is {}".format(field)

The view looks like this:

    from flask import render_template, request

    @app.route('/login', methods=['GET', 'POST'])
    def login():
        form = LoginForm(request.form)
        if form.validate_on_submit():
            print "** new request"
            print "request.values = {}".format(request.values)
            print "request.form = {}".format(request.form)
            print "form.name = {}".format(form.name)
            print "form.password = {}".format(form.password)
            print "form.csrf_token = {}".format(form.csrf_token)
            # do stuff with form.name and form.password and then render_template as appropriate
        return render_template('login.html', form=form)

When the client posts the login form, the program prints:

    password field is <input id="password" name="password" type="password" value=""> # <-- value is empty!
    ** new request
    request.values = CombinedMultiDict([ImmutableMultiDict([]), ImmutableMultiDict([('csrf_token', u'1444574310##420f08dc670febba20d0a4dfd9085e5f6ad4dded'), ('password', u'hemlis'), ('name', u'kalle')])])
    request.form = ImmutableMultiDict([('csrf_token', u'1444574310##420f08dc670febba20d0a4dfd9085e5f6ad4dded'), ('password', u'hemlis'), ('name', u'kalle')])
    form.name = <input id="name" name="name" type="text" value="kalle">
    form.password = <input id="password" name="password" type="password" value=""> # <-- value is empty!
    form.csrf_token = <input id="csrf_token" name="csrf_token" type="hidden" value="1444574315##24eca44ce86f86523ddf9d138f07fc306ed77a96">
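
The value of the password field is lost, even though the form manages to pick up the values of name and csrf_token. If I change the type of the password field to StringField, the password value is picked up by the form as expected, but that is not a satisfying workaround! :-)

What should I do here to get hold of the password field? Is this because of security, or is it a bug somewhere?

Also, here is my requirement.txt: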
bcrypt==2.0.0
BeautifulSoup==3.2.1
blinker==1.4
cffi==1.2.1
Flask==0.10.1
Flask-Login==0.3.2
Flask-Mail==0.9.1
Flask-Principal==0.4.0
Flask-WTF==0.12
itsdangerous==0.24
Jinja2==2.8
Markdown==2.6.2
MarkupSafe==0.23
micawber==0.3.3
passlib==1.6.5
peewee==2.6.4
pycparser==2.14
six==1.10.0
Werkzeug==0.10.4
wheel==0.24.0
WTForms==2.0.2
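
Answer 0 (score: 2)

When you ask for form.password, what is actually being asked for is the HTML representation of that object. In the case of the PasswordField, including the previously entered data in that HTML element would be a pretty bad security hole, because it would be possible to see the password by looking at the HTML source (either locally or, more likely, by being monitored over a shared insecure wireless network).

To see the data contained in a submitted form element, use the .data attribute, e.g. form.password.data.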