We Keep Coding

Flask-WTF show error message: "The CSRF tokens do not match."

This the error message I got when I submit empty fields (which is behave like I want in my class form validators):
But when I try to submit with valid email, it give me this error message:
I basically want to submit a form using Flask-WTF but handling it from Javascript fetch. Because I want to perform it dynamically like New York Times Login Form: NYT Login Form
App.py
import os
from flask import Flask, jsonify, flash, redirect, render_template, request, session
from flask_session import Session
from flask_api import status
from flask_sqlalchemy import SQLAlchemy
from flask_wtf import FlaskForm
from wtforms import StringField
from wtforms.validators import InputRequired
from flask_wtf.csrf import CSRFProtect
from werkzeug.security import check_password_hash, generate_password_hash
from helpers import login_required
# Configure flask application
app = Flask(__name__)
# Configure Secret Key
app.config["SECRET_KEY"] = "secret123"
# Create Form Class
class AuthenticationForm(FlaskForm):
email = StringField('Email Address', [InputRequired(message="Please enter your email address")])
# Ensure templates are auto-reloaded
app.config["TEMPLATES_AUTO_RELOAD"] = True
# Configure session to use filesystem (instead of signed cookies)
app.config["SESSION_PERMANENT"] = False
app.config["SESSION_TYPE"] = "filesystem"
Session(app)
# Configure SQLAlchemy databases
basedir = os.path.abspath(os.path.dirname(__file__))
app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///" + os.path.join(basedir, 'newspaper.db')
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
db = SQLAlchemy(app)
# Create SQLAlchemy object of class
class Readers(db.Model):
id = db.Column(db.Integer, primary_key=True)
name = db.Column(db.String(100), nullable=False)
email = db.Column(db.Text, unique=True, nullable=False)
hash = db.Column(db.Text, nullable=False)
def __repr__(self):
return f'<Readers {self.email}>'
#app.after_request
def after_request(response):
"""Ensure responses aren't cached"""
response.headers["Cache-Control"] = "no-cache, no-store, must-revalidate"
response.headers["Expires"] = 0
response.headers["Pragma"] = "no-cache"
return response
#app.route("/")
#login_required
def index():
"""Show Newspaper"""
return redirect('/auth/login')
#app.route("/auth/<authentication>", methods=["GET", "POST"])
def auth(authentication):
"""Log user in"""
# Forget any user_id
session.clear()
# Get form class
form = AuthenticationForm()
# User reached route via POST (as by submitting a form via POST)
if request.method == "POST":
if authentication == 'login':
if form.validate():
data = request.get_json()
email = data["email"]
# Check if email already registered in database
user = Readers.query.filter_by(email=email).first()
if not user:
return "Not Registered Yet", 200
return "Valid!", 200
return jsonify(form.errors), 400
# User reached route via GET (as by clicking a link or via redirect)
return render_template("auth.html", form=form)
auth.html
{% extends "layout.html" %}
{% block title %}
Login -
{% endblock %}
{% block main %}
<div class="auth__form-wrapper">
<div class="auth__title">
<h2>Log in or create an account</h2>
</div>
<div id="success-message"></div>
<form id="form" method="post">
{{ form.csrf_token }}
<fieldset type="email" class="mb-1">
{{ form.email.label }}
{{ form.email(autocomplete="off", autofocus=true, required=false) }}
</fieldset>
<div id="error-message">
<span style="color: #cf0000;" id="error"></span>
</div>
<button id="continue" class="btn btn-dark">Continue</button>
</form>
</div>
<script src="{{url_for('static', filename='authentication.js')}}"></script>
{% endblock %}
.js file to handling submit:
const form = document.querySelector('#form');
const successMessage = document.querySelector('#success-message');
const errorMessage = document.querySelector('#error');
const fields = {
csrf_token: {
input: document.querySelector('#csrf_token')
},
email: {
input: document.querySelector('#email')
}
}
form.addEventListener('submit', async (e) => {
e.preventDefault();
const response = await fetch('/auth/login', {
'method': 'POST',
'headers': {
'Content-Type': 'application/json'
},
'body': JSON.stringify({
'csrf_token': fields.csrf_token.input.value,
'email': fields.email.input.value
})
});
if (response.ok) {
successMessage.innerHTML = await response.text();
} else {
const err = await response.json();
Object.keys(err).forEach((key) => {
errorMessage.innerHTML = err[key][0];
});
}
})
If I just use a traditional way instead of Javascript fetch to validate Flask-WTForm using validate_on_submit() it perform good. Because validate_on_submit() seems like handle all validators.
But I just don't know why this happen. Should I use Javascript to handle Flask WTF like my code above? Or I just use Flask WTF using validate_on_submit()? I just want to make a login form that behave like New York Times Login Form: NYT Login Form
I'm still new on this. I hope you guys can help.

How to redeem coupon code which i created in django?

I created Coupon code in django rest framework and now i like to redeem it using python script or any frontend method like html, javascript,Postman, i don't have way, path or logic which can guide me on how to do it.
Here is my models.py file :
from django.db import models
from django.core.validators import MinValueValidator, MaxValueValidator
class Coupon(models.Model):
code = models.CharField(max_length=50, unique=True)
valid_from = models.DateTimeField()
valid_to = models.DateTimeField()
discount = models.IntegerField(validators=[MinValueValidator(0), MaxValueValidator(100)])
active = models.BooleanField()
def __str__(self):
return self.code
here is my serializers.py file
from rest_framework import serializers
from .models import Coupon
class CouponSerializer(serializers.ModelSerializer):
class Meta:
model = Coupon
fields = '__all__'
here is my views.py file
from django.shortcuts import render
from .models import Coupon
from .serializers import CouponSerializer
from rest_framework import viewsets
class CouponViewSet(viewsets.ModelViewSet):
queryset = Coupon.objects.all()
serializer_class = CouponSerializer
Please do help

You can create a new action in your viewset where you can check the validity of the code and provide an appropriate response.
class CouponViewSet(viewsets.ModelViewSet):
queryset = Coupon.objects.all()
serializer_class = CouponSerializer
#action(detail=True, methods=['get'])
def redeem(self, request, pk=None):
obj = self.get_object()
// do all the checks here.
return Response(// return data what needed)
You can change the method of this custom method according to your need if you want to send additional data.
Also note that if you are using this coupon to create an order, do send this coupon in the final request where you can verify the discount again.
You can map the different serializer for each action in your viewset.
# mapping serializer into the action
serializer_classes = {
'list': PatientDischargeListSerializer,
'retrieve': PatientDischargeReadSerializer,
'create': PatientDischargeSerializer,
'update': PatientDischargeSerializer,
'partial_update': PatientDischargeSerializer,
'redeem': CustomSerializer,
}
default_serializer_class = PatientDischargeSerializer
def get_serializer_class(self):
return self.serializer_classes.get(self.action, self.default_serializer_class)
#action(detail=True, methods=['get'])
def redeem(self, request, pk=None):
serializer_class = self.get_serializer_class()
obj = self.get_object()
serializer = serializer_class(instance=obj, data=request.data)
// do all the checks here.
return Response(// return data what needed)

Django How to add data to database from javascript

I am have created a page in django, on this page I have create a button that calls a JavaScript function which in turn gets data from a API. This part of my code works as expected as it writes the response data to the console. However I cannot seem to get that data to be inserted into the model I have created in django.
I am not sure how python/javascript/models are meant to all link together.
models.py
from django.db import models
class Set(models.Model):
scry_id = models.CharField(max_length=255)
code = models.CharField(max_length=255)
name = models.CharField(max_length=255)
set_type = models.CharField(max_length=255)
release_date = models.DateField()
card_count = models.IntegerField()
block_code = models.CharField(max_length=255, null=True)
block_name = models.CharField(max_length=255, null=True)
parent_set_code = models.CharField(max_length=255, null=True)
digital_only = models.BooleanField(default=False)
foil_only = models.BooleanField(default=False)
nonfoil_only = models.BooleanField(default=False)
icon = models.CharField(max_length=255)
status = models.BooleanField(default=False)
def __str__(self):
return self.name
sets.html
{% extends "main/index.html "%}
{% block content %}
<div class="background card">
<div class="card-body">
<button class="btn" id="setRefresh" style="border: 1px solid" onclick="setRefresh()"><i class="fas fa-sync"></i></button>
</div>
</div>
{% endblock%}
custom.js
function setRefresh() {
const Url="https://api.scryfall.com/sets";
fetch(Url)
.then(res => res.json())
.then(data => obj = data.data)
.then(() => obj.sort(function(a,b){return a.released_at.localeCompare(b.released_at);}))
.then(() => {
for (var i = 0; i < obj.length; i++) {
//console.log(obj[i].name);
}
})
}
view.py
def sets(request):
return render(request,
"main/sets.html",
{"Sets": Set.objects.all})

There are two missing parts. First you need to have a url to listen for changes and then you need to have a view function where you want to set data. And you need to make some changes for the JS part of your code.Example below can clear this up and it is functional as well:
views.py
#ajax_required
def views_name(request):
try:
if request.method == 'POST':
post_id = request.POST.get('post')
YourModel.objects.create(id=post_id)
except Exception: # pragma: no cover
return HttpResponseBadRequest()
urls.py
urlpatterns = [
url(r'^whatever/$', views.views_name, name='whatever'),
]
custom.js:
$(function () {
$(".class-name").click(function () {
var csrf = $(this).attr('csrf');
var post = $(this).attr('page-id');
$.ajax({
url: '/whatever/',
data: {
'post': post,
'csrfmiddlewaretoken': csrf
},
type: 'post',
cache: false,
success: function (returned_values) {
// do whatever you want after success!
},
});
});
})

There are two ways to do it
Method 1 : After retrieving the data, send them to your django app instead of logging them into the console . have a django view that handles the corresponding request coming from your js code containing the data then adding them to the db. In other words you should fetch again , but this time to your django app using a post request .
.Your view should look like this :
from .models import Set
from django.http import HttpResponse
import json
def save(request):
data=json.loads(request.body)
for entry in data:
s = Set()
s.scry_id=entry["scry_id"]
#in the next lines you map entry fields to Set fields
s.save()
return HttpResponse("ok")
Method 2 : Your button call your django app on click , then your django app retrieve the data from https://api.scryfall.com/sets itself then save them to the db. Your code should look like this
from .models import Set
from django.http import HttpResponse
import json
import requests
def save(request):
response = requests.request("GET", "https://api.scryfall.com/sets")
data=response.json()
for entry in data:
s = Set()
s.scry_id=entry["scry_id"]
#in the next lines you map entry fields to Set fields
s.save()
return HttpResponse("ok")
Of course in either case don't forget to map your urlconf to the save view

User Must Take Action for Page Redirection to Work in Flask

I have a /map route in my Flask app. In this map, when an object is selected, a button is shown to redirect to the next page (let's call it /demo). Currently this demo page is accessible by everyone if you type in the url as www.mysite.com/demo.
How can I make it so that the user must select an object on the /map page first in order to be allowed access on the /demo page?
When you select an object in the map, a GET request is fired:
Flask:
#app.route('/getID', methods=['GET'])
def getID():
ID = float(request.args.get("ID",""))
objectCollection = db["objects"]
for object in objectCollection.find({"properties.ID":ID},{"properties.ID":1,"properties.Address":1,"_id":0}).limit(1):
return jsonify(selectedObject=object)
JS:
var objectIDClick = event.feature.getProperty('ID');
$.ajax({
url: '/getID?' + 'ID=' + objectIDClick,
type: 'GET',
contentType: 'application/json; charset=utf-8',
dataType: 'json',
async: false,
success: function (data) { ... }
});
If a user tries to access the /demo page without selecting an object first in the /map page, simply redirect them back to the /map page.
I know I have to use something like:
if request.method == 'GET':
return redirect(url_for('demo'))
else:
return render_template('map.html')
But I can't seem to put it all together. My routes are defined as follows:
#app.route("/map")
def map():
return render_template("map.html")
#app.route("/demo")
def demo():
return render_template("demo.html")

You could have the /demo page check the request's Referer: HTTP header. If the referrer isn't /map, then don't show the page.
Here is one implementation. For convenience, I have added the test in a Flask view decorator.
This program uses Flask and html, no Javascript. You'll need to adapt it to Javascript if required.
from urlparse import urlparse
from functools import wraps
from flask import (
Flask,
redirect,
request,
render_template_string,
url_for)
app = Flask(__name__)
def confirm_referrer(path, redirect_func):
def decorator(f):
#wraps(f)
def wrapper(*args, **kw):
ref = urlparse(request.referrer or '')
if (request.host, path) == (ref.netloc, ref.path):
return f(*args, **kw)
return redirect(url_for(redirect_func))
return wrapper
return decorator
#app.route('/map')
def map():
return render_template_string('''
<html><body>
<p>Demonstrate</p>
</body></html>''')
#app.route('/demo')
#confirm_referrer('/map', 'map')
def demo():
return '''<p>This is a demonstration</p>'''
if __name__ == '__main__':
app.run(debug=True)
EDIT: Responding to new requirements.
from urlparse import urlparse
from functools import wraps
from flask import (
Flask,
redirect,
request,
render_template_string,
url_for)
app = Flask(__name__)
def confirm_referrer(paths, redirect_func):
def decorator(f):
#wraps(f)
def wrapper(*args, **kw):
ref = urlparse(request.referrer or '')
if any((request.host, path) == (ref.netloc, ref.path)
for path in paths):
return f(*args, **kw)
return redirect(url_for(redirect_func))
return wrapper
return decorator
#app.route('/map')
def map():
return render_template_string('''
<html><body>
<p>Demonstrate</p>
</body></html>''')
#app.route('/map_ru')
def map_ru():
return render_template_string(u'''
<html><body>
<p><a href="{{ url_for("demo") }}">
\u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u0442\u044c
</a></p>
</body></html>''')
#app.route('/demo')
#confirm_referrer(['/map', '/map_ru'], 'map')
def demo():
return '''<p>This is a demonstration</p>'''
if __name__ == '__main__':
app.run(debug=True)

Can not parse json object when using templateHTMLrenderer in django

I'm beginning with django and JSON and I'm trying to send the list of patients in JSON using the code bellow:
class JSONResponse(HttpResponse):
"""
An HttpResponse that renders its content into JSON.
"""
def __init__(self, data, **kwargs):
content = JSONRenderer().render(data)
kwargs['content_type'] = 'application/json'
super(JSONResponse, self).__init__(content, **kwargs)
#api_view(('GET',))
#renderer_classes((TemplateHTMLRenderer,))
#csrf_exempt
def patient_list(request):
"""
List all records, or create a new snippet.
"""
if request.method == 'GET':
#data = Patient.objects.all()
data= Patient.objects.all()
#serializer = PatientSerializer(data, many=True)
#return JSONResponse(serializer.data)
return Response({'patients': data}, template_name='records.html')
In records.html, I have this javascript code:
<script type="text/javascript">
var data = "{{patients}}";
var parsed = JSON.parse(data);
</script>
...
<h2> <script type="text/javascript">document.write(data);</script></h2> This is not actually true, I'm trying to figure out how to do it
However, when printing data (in string just to see what I have) I'm receiving something like that
[<Patient: Patient object>, <Patient: Patient object>, <Patient: Patient object>, <Patient: Patient object>, <Patient: Patient object>, <Patient: Patient object>, <Patient: Patient object>]
From my understanding it is not necessary to serialize data when using Response so I did not do it. I just want to get the list of patients and print their firstName for instance. Any help about that ?

You should probably just use the JsonResponse class that Django provides if you want to do it the long way: https://docs.djangoproject.com/en/1.9/ref/request-response/#jsonresponse-objects. But since it looks like you're using DjangoRestFramework, in that case, you might want to consider just making a serializer class and then just making a ViewSet.
in seralizers.py:
from rest_framework import serializers
class MySerializer(serializers.ModelSerializer):
class Meta:
model = MyModel
in views.py:
from rest_framework import viewsets
from .serializers import MySerializer
class MyViewSet(viewsets.ModelViewSet):
serializer_class = MySerializer
queryset = MyModel.objects.all()
in urls.py:
from rest_framework import routers
from .views import MyViewSet
router = routers.SimpleRouter()
router.register(r'mymodel', MyViewSet)