We Keep Coding

Flask-SQLAlchemy MySQL application won't write to database [duplicate]

I'm using Flask-WTF:
Here is my form:
from flask.ext.wtf import Form, TextField
class BookNewForm(Form):
name = TextField('Name')
Here is the controller:
#book.route('/book/new', methods=['GET', 'POST'])
def customers_new():
form = BookNewForm()
if form.is_submitted():
print "submitted"
if form.validate():
print "valid"
if form.validate_on_submit():
flash("Successfully created a new book")
return redirect(url_for('.books_show'))
return render_template('views/books_new.html', form=form)
Now the problem is, if you look at my print statements, it always prints submitted, but it NEVER prints valid and validate_on_submit() is never executed. Why?

You're not inserting the CSRF field in the HTML form.
<form method=post>
{{ form.csrf_token }}
{{ form.name }}
<input type=submit>
</form>
After adding form.csrf_token to the template (docs), the form will validate as expected.
Add print(form.errors) after validating the form to see the errors that were raised. errors will be empty before validation. In this case, there is an error about missing
#book.route('/book/new_no_csrf', methods=['GET', 'POST'])
def customers_new_no_csrf():
form = BookNewForm()
print(form.errors)
if form.is_submitted():
print("submitted")
if form.validate():
print("valid")
print(form.errors)
if form.validate_on_submit():
flash("Successfully created a new book")
return redirect(url_for('.books_show'))
return render_template('books_new.html', form=form)
{}
submitted
{'csrf_token': [u'CSRF token missing']}
127.0.0.1 - - [29/May/2012 02:01:08] "POST /book/new_no_csrf HTTP/1.1" 200 -
127.0.0.1 - - [29/May/2012 02:01:08] "GET /favicon.ico HTTP/1.1" 404 -
I created an example on GitHub.

you can print errors
print form.errors
or
app.logger.debug(form.errors)
and if you got csrf-error, you should set form.csrf_token in your template.

I came across this when trying to render a FormField being iterated over my FieldList in my template. I had to embed two hidden_tag elements one for the FieldList form and one for the FieldForm form, search the template comments for keyword "HIDDEN TAG"
class ParamRangeForm( FlaskForm ):
minX = FloatField( )
maxX = FloatField( )
class ParamRangesForm( FlaskForm ):
paramRanges = FieldList( FormField( ParamRangeForm ) )
submit = SubmitField( 'Submit' )
def loadParams( self ) :
for paramName in ["p1" , "p2" , "p3", "p4"] :
prf = ParamRangeForm( )
prf.minX = -100.9#float('-inf')
prf.maxX = 100.5#float('-inf')
self.paramRanges.append_entry( prf )
...
<form action="" method="POST" enctype="multipart/form-data">
{{ rangesForm.hidden_tag() }} <!--#### HIDDEN TAG #1 -->
<table>
<!--Print Column Headers-->
<thead>
<tr>
<th class="ColumnHeader">Parameter</td>
<th class="ColumnHeader">Min</td>
<th class="ColumnHeader">Max</td>
</tr>
</thead>
<!--Print Parameter Rows-->
<tbody>
{% for paramRange in rangesForm.paramRanges %}
<tr>
{{ paramRange.hidden_tag() }} <!--#### HIDDEN TAG #2 -->
<td>p{{ loop.index }}</td>
<td>{{ paramRange.minX }}</td>
<td>{{ paramRange.maxX }}</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
{{ rangesForm.submit() }}
</form>

insert this after the tag in template html file:
{{ form.csrf_token }}

I was clearing the flask session if I wasn't logged in before every request. This was causing this issue.
#main.before_request
def before_request():
if not current_user.is_authenticated():
# TODO clean sessions may cause CSRF missing issue
session.clear()
print "Session Cleared"
return redirect(url_for('auth.login'))

I think the API has changed.Maybe try changing
from flask.ext.wtf import Form
to:
from flask_wtf import Form

I spent a several hours debugging a validation issue with Flask-WTF. The issue like many others was a CSRF validation issue. However, mine was not caused by any of the common issues I have found.
The standard Flask-WTF implementation of CSRF requires two things be delivered to the browser.
One: The hidden CSRF form field e.g.
<input id="csrf_token" name="csrf_token" type="hidden" value="ImYzODdmZTdhYTRlMmNkYWRjYmRlYWFmZjQxMDllZTQ1OWZmYzg3MTki.XKvOPg.gUCkF9j-vg0PrL2PRH-v43GeHu0">
Two: The session cookie HTTP response header e.g.
Set-Cookie: session=eyJjc3JmX3Rva2VuIjoiZjM4N2ZlN2FhNGUyY2RhZGNiZGVhYWZmNDEwOWVlNDU5ZmZjODcxOSJ9.XKvOPg.a3-W62MHvaGVkv2GYCi-dgpLE3Y; HttpOnly; Path=/
If either of these are missing the browser will fail to send the proper CSRF validation. Of course, this in turn causes the form validation to fail.
If the csrf_token hidden field is present in the form but the session cookie is missing, you will receive the following response when the form is submitted...
Bad Request
The CSRF session token is missing.
In my case the session cookie was missing because of a bug in my code. I needed to serve a custom HTTP header across the entire Flask site. I included it like this...
class LocalFlask(Flask):
def process_response(self, response):
response.headers['my-header'] = 'My Header Value'
return response
app = LocalFlask(__name__)
This however causes anything that rellys on the the Flask.response.headers method to fail. One of those is Flaks-WTF setting the session cookie HTTP header.
This can be solved by adding the super() method to the LocalFlask class so that it inherits methods form the Flask class.
class LocalFlask(Flask):
def process_response(self, response):
response.headers['my-header'] = 'My Header Value'
#LocalFlask inherits methods from Flask
super(LocalFlask, self).process_response(response)
return response
app = LocalFlask(__name__)

Well I tried all the solutions mentioned
form.hidden_tag()
form.csrf_token
form.csrf
with
app.secret_key=""
app.config["SECRET_KEY"]=""
but form.validate_on_submit() always returned false.
None of these seem to work for me, so I used the basic method and this method
import request
request.method="POST"
or
form.is_submitted()
These two worked for me

fetch is returning html rather than JSON response

I am working on the cs50 web development project Network. Basically building a twitter copycat.
It is still in process but so far I have two fetch requests for a JSON response. Once works perfectly but the other, which is a very similar request, returns html instead of JSON, causing an error. Can't figure out why this one doesn't work. Code snippets below:
Here is the one that is returning html for my profile.html file for some reason. The commented out parts are the actual fetch JSON request but I temporarily changed it to show me in the console what is was returning.
profile.js:
function load_posts_profile() {
console.log("load_posts_profile running");
document.querySelector('#prof-posts').style.display = 'block';
fetch(`/profile_posts`)
//.then(response => response.json())
.then(response => response.text())
.then(text => console.log(text))
//.then(posts => {
// Print posts
//console.log(posts);
//posts.forEach(post => show_posts_profile(post));
//});
}
profile.html:
{% extends "network/layout.html" %}
{% load static %}
{% block body %}
{% if user.is_authenticated %}
<!--insert profle name below in h3-->
<h2 id="profile-name"></h2>
<br>
<h4 id="followers"></h4>
<br>
<h4 id="following"></h4>
<!--add js to load user's posts only-->
<div id="prof-posts">
</div>
{% else %}
<strong> Login To See Profile</strong>
{% endif %}
{% endblock %}
{% block script %}
<script src="{% static 'network/profile.js' %}"></script>
{% endblock %}
urls.py:
from django.urls import path
from . import views
urlpatterns = [
path("", views.index, name="index"),
path("login", views.login_view, name="login"),
path("logout", views.logout_view, name="logout"),
path("register", views.register, name="register"),
path("all_posts", views.all_posts, name="all_posts"),
path("<str:poster>", views.profile, name="profile"),
path("profile_posts", views.profile_posts, name="profile_posts")
]
views.py snippet:
def all_posts(request):
posts = Post.objects.all()
posts = posts.order_by("-timestamp").all()
return JsonResponse([post.serialize() for post in posts], safe=False)
def profile_posts(request, poster):
posts = Post.objects.get(poster=poster)
posts = posts.order_by("-timestamp").all()
return JsonResponse([post.serialize() for post in posts], safe=False)
def profile(request, poster):
return render(request, "network/profile.html", {
"poster": poster,
})
And here is the js file with the similar fetch request that works perfectly. Why would this one work(ie return JSON) but the other returns html?:
function load_posts() {
console.log("load_posts running");
document.querySelector('#all-posts').style.display = 'block';
fetch(`/all_posts`)
.then(response => response.json())
.then(posts => {
// Print posts
console.log(posts);
posts.forEach(post => show_posts(post));
});
}

When in debug mode django returns an html response when an error occures, usually this is the problem, I think you're passing a parameter poster to the view function but you're not excepting one in the url path
In the future there are a few things to remember, when you get a different response then the one you expected, you should check your logs in the terminal or check the response code in the console client side, if it starts with 5 ot is a server error, of ot Starts with 4 it wasn't found or similar and you should check the logs
Here is how you should modify your code:
Add str:poster to the url path and modify the fetch request to include this in your url

Django Translations Not Working

I am working in a Django 1.9 / python3.5 application, and trying to make use of Django's translation utility. I have a locale directory which has an 'es' directory for spanish translations that I created a .po file in. I set it up to have a couple translations just to test it out.
msgid "Sign In"
msgstr "Registrarse"
msgid "Create an Account"
msgstr "Crea una cuenta"
I have my setting file correctly configured as well
MIDDLEWARE_CLASSES = (
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.locale.LocaleMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'webapp.middleware.LanguageSwitchMiddleware',
)
TEMPLATES = [
{
'BACKEND': 'django.template.backends.django.DjangoTemplates',
'APP_DIRS': True,
'DIRS': [os.path.join(BASE_DIR, 'templates'), ],
'OPTIONS': {
'context_processors': [
'django.template.context_processors.debug',
'django.template.context_processors.request',
'django.contrib.auth.context_processors.auth',
'django.contrib.messages.context_processors.messages',
'webapp.context_processors.detail_context',
'django.template.context_processors.i18n'
],
},
},
]
# Internationalization
# https://docs.djangoproject.com/en/dev/topics/i18n/
LOCALE_PATHS = (
os.path.join(PROJECT_ROOT, 'locale/'),
)
from django.utils.translation import ugettext_lazy as _
LANGUAGES = (
('en', _('English')), # first language is the default used by modeltranslations
('es', _('Spanish')),
)
LANGUAGE_CODE = 'en-us'
TIME_ZONE = 'America/Chicago'
USE_I18N = True
In my template I use the Django 'trans' template tag for the words sign in, and create an account. A select box will edit the Content-Language http response header from the application, which I have tested, and it successfully does so. However the headers sign up, and create and account, do not translate to Spanish. Is there some step I'm missing ?
HTML
{% load i18n %}
<ul class="list-inline-xxs">
{% if customer %}
<li>
Welcome,
<a href='{% url "customer:dashboard" %}'>
{{ customer.first_name }}
</a>
</li>
<li>
<a href='{% url "customer:logout" %}'>
{% trans 'Logout' %}
</a>
</li>
{% else %}
<li>
<a href='{% url "customer:login" %}'>
{% trans 'Sign In' %}
</a>
</li>
<li>
<a href='{% url "subscription:customer-subscribe" %}'>
{% trans 'Create an Account' %}
</a>
</li>
{% endif %}
</ul>

I have a locale directory which has an 'es' directory for spanish
translations that I created a .po file in.
That ^^^ line suggests you are creating translation files manually. Let Django create translation files for you:
django-admin makemessages -a
Then put in your translations, save the file and compile with
django-admin compilemessages
Restart your app and it should work.
I've put together a simple example how to do translations with Django: https://github.com/DusanMadar/Django-multilang-demo
EDIT
As django django-admin makemessages -h suggests --ignore PATTERN, -i PATTERN is what you need to use to ignore third party directories. So something like django-admin makemessages -a -i 3rdparty_dir

Mailjet: Array value provided through vars makes email being blocked on sending

I’m working on an email template for Mailjet written in MJML that uses an array value provided through Vars to generate a list of items the sender wants to receive from the mail recipient. All values in the array are plain text values.
The data passed to the API request looks like this:
{
"FromEmail":"sender#email.com",
"FromName":"Chris Crumble",
"Subject":"Data Request",
"MJ-TemplateID":"200000",
"MJ-TemplateLanguage":true,
"Recipients":[
{
"Email":"recipient#email.com",
"Name":"Hans Henson"
}
],
"Vars":{
"mailTitle":"Data Request",
"userName":"Chris Crumble",
"imageUrl":"http://my.host.com/image.jpg",
"userBirthDate":"1.3.1982",
"recipientName":"Hans Henson",
"uploadUrl":"https://my.upload.com/",
"authVideoUrl":"https://my.authvideo.com",
"records":["Document A","Document B"],
"authPhone":"113777840097"
}
}
The template uses var:records like this:
...
</mj-text>
<mj-raw> {% if var:records:false %} </mj-raw>
<mj-text>
<p>
I, <strong>{{var:userName}}, born on {{var:userBirthDate}}</strong> am asking you to provide the following documents:
</p>
</mj-text>
<mj-raw> {% for item in var:records %} </mj-raw>
<mj-text>
{{item}}
</mj-text>
<mj-raw> {% endfor %} </mj-raw>
<mj-raw> {% else %} </mj-raw>
<mj-text>
<p>
I, <strong>{{var:userName}}, born on {{var:userBirthDate}}</strong>, am asking you to provide all my existing documents.
</p>
</mj-text>
<mj-raw> {% endif %} </mj-raw>
<mj-text>
...
As long as var:records isn’t set in the data sent with the request, the mail is sent as expected. As soon as an (not empty) array value is provided with the request, the mail is blocked by Mailjet on sending without giving any further information on the reason.
No idea how to get this working.
UPDATE:
Thanks to Zhivko’s hint to the error reporting mechanism provided by Mailjet I was able to gain a little more insight into the problem.
The template produces the following error:
expression parsing error ## Unknown identifier: var:records:false ## near ## var:records:false ##
This still doesn’t make any sense to me as the line mentioned is an if condition with a default value of false defined for the case that no value for var:records is provided with the api request.
Also the template only produces this error when the value is explicitely set in Vars and is not empty.
My tests so far make me guess that it may have to do with the provided value being an array value as the line doesn’t cause any problems if the value is plain string.

I had the same problem and after asking the MJML team on their Slack I add an answer. Just use the defined() method :
Example :
{% if defined(var:employees) %}
My employees :
<ul>
{% for employee in var:employees %}
<li>{{employee.firstname}} {{employee.lastname}}</li>
{% endfor %}
</ul>
{% endif %}
This method is correct and a core maintainer of MJML just says :
It's not publicly documented yet
PS : Their Slack is a good place to ask this kind of question and I had a response in minutes. (mjml.slack.com)

The message is probably blocked due to an error in the template language. To receive details about the error, enable the error reporting mechanism. If you have troubles debugging the error message, open a support ticket with Mailjet for in depth investigation for the specific template.

As far as I know, Mailjet doesn't allow arrays as a personalized var.
DataType: the type of data that is being stored (this can be either a
str, int, float or bool)
https://dev.mailjet.com/guides/#manage-contacts

Solution:
<% if(typeof bar !== 'undefined') { %>
variable 'bar' is defined in payload:
<b><%= bar %></b>
<% } else {%>
variable 'bar' is not defined in payload
<% }%>

Django : HTML form action directing to view (or url?) with 2 arguments

Started learning django about a week ago and ran into a wall. Would really appreciate any enlightenment...
models.py
class data(models.Model):
course = models.CharField(max_length = 250)
def __str__(self):
return self.course
html
Converted the objects in models.course to schlist
<link rel="stylesheet" type="text/css" href="{% static '/chosen/chosen.css' %}" />
<form action={% views.process %} method="GET">
<div>
<h4 style="font-family:verdana;">First Course: </h4>
<select data-placeholder="Course" style="width:350px;" class="chosen-select" tabindex="7">
<option value=""></option>
{% for item in schlist %}
<option> {{ item }} </option>
{% endfor %}
</select>
</div>
</br>
<div>
<h4 style="font-family:verdana;">Second Course:</h4>
<select data-placeholder="Course" style="width:350px;" class="chosen-select" tabindex="7">
<option value=""></option>
{% for item in schlist %}
<option> {{ item }} </option>
{% endfor %}
</select>
</div>
</br>
<input type="submit" value="Compare!" />
</form>
urls.py (having my doubts if this works..)
urlpatterns = [
url(r'^(\d+)/(\d+)$',views.process, name = 'process'),
]
view.py
def process(request,q1 ,q2):
obj1= get_object_or_404(Schdata, course = q1)
obj2= get_object_or_404(Schdata, course = q2)
........
Was wondering if it is possible for the form action to direct the action to
(1) view.py or (2) url.py (and eventually to a view.py) with 2 arguments selected?
If so how should the form action be? {{view ?}} or {{url ?}}. Am I missing out the definition of my arguments in my HTML?
Directing to views.py:
User input is CharField, could use get_object_or_404 to get the model pk. However when defining my urls.py I would get a Noreverse error as my url arguments is the primary key.
Directing to urls.py:
Url arguments is primary key. From the way I see it, I need to magically convert my User input Charfield to a pk before passing it to urls.py
Is there a (or) function for get() in django? E.g get_object_or_404(pk = q1 or course = q1)?
Would really appreciate any advice. Been staring at this for hours.

You are trying to use the reverse resolution of urls in Django.
In your html file correct form action url to the following and method should be POST:
<form action={% url 'process' %} method="POST">
In case you are trying to pass parameters along then use this:
<form action={% url 'process' request.user.id 4 %} method="POST">
Reference:
https://docs.djangoproject.com/en/1.10/topics/http/urls/

Yes i'm late but it can help others for better understanding how Django processes the request.
Django 3.0 pattern
How Django processes the request
Basic :
First Django check the matching URL.
If URL is matched then calling the defined view to process the request. (Success)
If URL not matched/found the Django invokes error Page Not Found
In detail reading :
Official Django Documentations How Django processes a request
These are your URL patterns :
urlpatterns = [ path('profile/edit/<int:pk>/',views.editprofile, name='editprofile'),]
Third argument in urlpatterns is for if you want to change the url pattern from current to this :
urlpatterns = [ url('profile/edit/user/id/<int:pk>',views.editprofile, name = 'editprofile'),]
You don't need to redefine url pattern in all Templates where you using url name.
For Example :
This is my template profile.html where i used the url name instead of hard coded url.
<a class="item" href="{% url 'editprofile' user.id %}" >Edit profile </a>
Solution of your problem :
.html
Only use url name instead of hard coded url in your templates and pass arguments.
<form action={% process no_of_arguments %} method="POST">
views.py
Here you can process your request
def process(request,no_of_arguments):
Become good django developer
You can also use Django ModelForms for your model.
Using model forms or simple form you can do multiple things
Modular approach
Write server side validation in related form instead of doing in views.py
Readable code - Clean code