Python 3.x flask_wtf.csrf csrf令牌不匹配-无法修复flask错误消息
这是我在登录表单验证中收到的消息:Python 3.x flask_wtf.csrf csrf令牌不匹配-无法修复flask错误消息,python-3.x,flask,flask-wtforms,csrf-token,Python 3.x,Flask,Flask Wtforms,Csrf Token,这是我在登录表单验证中收到的消息: session: <SecureCookieSession {}> request.form: ImmutableMultiDict([('eventid', ''), ('csrf_token', 'ImI1N2EwYjFjZmIxZDI4YjQ3ZTIxM2VmNGNkOGQzZTEzYzBiM2U4MzEi.DsNqRA.sw618M5laiwyElfOJ9mAIAAOXig'), ('password', 'admin'), ('usern
session: <SecureCookieSession {}>
request.form: ImmutableMultiDict([('eventid', ''), ('csrf_token', 'ImI1N2EwYjFjZmIxZDI4YjQ3ZTIxM2VmNGNkOGQzZTEzYzBiM2U4MzEi.DsNqRA.sw618M5laiwyElfOJ9mAIAAOXig'), ('password', 'admin'), ('username', 'admin'), ('submit', 'Sign In')])
INFO:flask_wtf.csrf:The CSRF tokens do not match.
127.0.0.1 - - [06/Nov/2018 19:18:57] "POST / HTTP/1.1" 200 -
INFO:werkzeug:127.0.0.1 - - [06/Nov/2018 19:18:57] "POST / HTTP/1.1" 200 -
观点:
auth.py
#!/usr/bin/env python3
import os
from flask import Flask
from flask_sqlalchemy import SQLAlchemy
from config import Config
app = Flask(__name__)
app.config.from_object(Config)
db = SQLAlchemy(app)
# register blueprints
from app.auth import auth
app.register_blueprint(auth.bp)
from flask import (
Blueprint,
flash,
g,
redirect,
render_template,
request,
session,
url_for,
)
from werkzeug.security import check_password_hash, generate_password_hash
from app import db
from app.auth.forms import LoginForm
from app.models import User
bp = Blueprint('auth', __name__)
@bp.route('/', methods=('GET', 'POST'))
@bp.route('/login/', methods=('GET', 'POST'))
def login():
print('session:', session)
form = LoginForm()
print('request.form:', request.form)
if form.validate_on_submit():
print('Form is valid')
eventid = form.eventid.data
username = form.username.data
password = form.password.data
# validate login
user = User.query.filter_by(username=username.lower()).first()
error = None
if not user or not check_password_hash(user.password, password):
error = 'Incorrect username-password combination.'
if not error:
session.clear()
session['user_id'] = user.id
return redirect(url_for('performance.index'))
flash(error)
return render_template('auth/login.html', title='Sign In', form=form)
from flask_wtf import FlaskForm
from wtforms import (
BooleanField,
PasswordField,
StringField,
SubmitField,
)
from wtforms.validators import DataRequired
class LoginForm(FlaskForm):
eventid = StringField('Event ID')
username = StringField('Username', validators=[DataRequired()])
password = PasswordField('Password', validators=[DataRequired()])
submit = SubmitField('Sign In')
import os
class Config:
instance_path = '/some/path/to/instance/'
SECRET_KEY = os.environ.get('SECRET_KEY') or 'you-will-never-guess'
DATABASE = os.path.join(instance_path, 'app.sqlite')
SQLALCHEMY_DATABASE_URI = ('sqlite:///' + os.path.join(instance_path,
'app.sqlite'))
SQLALCHEMY_TRACK_MODIFICATIONS = False
表格:
forms.py
#!/usr/bin/env python3
import os
from flask import Flask
from flask_sqlalchemy import SQLAlchemy
from config import Config
app = Flask(__name__)
app.config.from_object(Config)
db = SQLAlchemy(app)
# register blueprints
from app.auth import auth
app.register_blueprint(auth.bp)
from flask import (
Blueprint,
flash,
g,
redirect,
render_template,
request,
session,
url_for,
)
from werkzeug.security import check_password_hash, generate_password_hash
from app import db
from app.auth.forms import LoginForm
from app.models import User
bp = Blueprint('auth', __name__)
@bp.route('/', methods=('GET', 'POST'))
@bp.route('/login/', methods=('GET', 'POST'))
def login():
print('session:', session)
form = LoginForm()
print('request.form:', request.form)
if form.validate_on_submit():
print('Form is valid')
eventid = form.eventid.data
username = form.username.data
password = form.password.data
# validate login
user = User.query.filter_by(username=username.lower()).first()
error = None
if not user or not check_password_hash(user.password, password):
error = 'Incorrect username-password combination.'
if not error:
session.clear()
session['user_id'] = user.id
return redirect(url_for('performance.index'))
flash(error)
return render_template('auth/login.html', title='Sign In', form=form)
from flask_wtf import FlaskForm
from wtforms import (
BooleanField,
PasswordField,
StringField,
SubmitField,
)
from wtforms.validators import DataRequired
class LoginForm(FlaskForm):
eventid = StringField('Event ID')
username = StringField('Username', validators=[DataRequired()])
password = PasswordField('Password', validators=[DataRequired()])
submit = SubmitField('Sign In')
import os
class Config:
instance_path = '/some/path/to/instance/'
SECRET_KEY = os.environ.get('SECRET_KEY') or 'you-will-never-guess'
DATABASE = os.path.join(instance_path, 'app.sqlite')
SQLALCHEMY_DATABASE_URI = ('sqlite:///' + os.path.join(instance_path,
'app.sqlite'))
SQLALCHEMY_TRACK_MODIFICATIONS = False
模板:
login.html
{% extends 'base.html' %}
{% block header %}
<h3>{% block title %}{{ title }}{% endblock %}</h3>
{% endblock %}
{% block content %}
<form action="" method="post">
<div class="form-group">
<label class="col-sm-12" for="username">
{{ form.username.label }}
</label>
{{ form.username() }}
</div>
<div class="form-group">
<label class="col-sm-12" for="password">
{{ form.password.label }}
</label>
{{ form.password() }}
</div>
<div class="form-group">
<label class="col-sm-12" for="eventid">
{{ form.eventid.label }}
</label>
{{ form.eventid() }}
</div>
<div class="form-group">
{{ form.submit }}
</div>
{{ form.hidden_tag() }}
</form>
{% endblock %}
我尝试了所有的建议,我发现:
-我已经在模板中设置了隐藏标签()
;
-我已经在配置中设置了secret\u键
;
-我尝试过从FlaskForms
更改为Forms
;
-其他解决办法
他们没有一个人不帮忙。我已经和它坐了三个晚上了。任何建议都可以
更新
如果我不使用
Blueprint
,即如果我在我的auth.py
中使用@app.route(…)
而不是@bp.route(…)
,我可以登录,尽管会话仍然是空的。所以,现在我不理解蓝图的问题。我认为您从教程中跳过了这一部分:
form.hidden_tag()模板参数生成一个隐藏字段,其中包含一个令牌,用于保护表单免受CSRF攻击。要保护表单,只需包含此隐藏字段,并在Flask配置中定义SECRET\u KEY变量。如果您处理好这两件事,Flask WTF会为您处理其余的事情
所以在您的配置文件中,您应该设置了密钥
import os
class Config(object):
SECRET_KEY = os.environ.get('SECRET_KEY') or 'you-will-never-guess'
如果不起作用,请在您的login.html中,尝试在表单csrf_标记的开头添加如下内容:
{{form.csrf_token}
{{form.username.label}
.....
我也有同样的问题,我能看到的只有更好的
127.0.0.1 - - [08/Oct/2020 09:27:00] "GET /add_faqs HTTP/1.1" 200 -
------ ImmutableMultiDict([('csrf_token', 'IjQzNTE4ZmIwMDFjMGM3MjAwOWEwNWQwYjUxOTEyNTJlYTc0OTU2Mzki.X38TpA.rvc1178AkNAvgLN_PbsHWKpra60'), ('question', 'test111'), ('answer', 'test1'), ('display_order', '1')])
session: <SecureCookieSession {'csrf_token': '7967a78759d4cbfb255d56e2a9092bfe2d75e17d'}>
127.0.0.1---[08/Oct/2020 09:27:00]“获取/添加常见问题HTTP/1.1”200-
------ImmutableMultiDict([('csrf_token','ijqzmte4zmiwmdfjmgm3mjawowewnwqwyjuxoteyntjlytc0otu2mzki.X38TpA.rvc1178AkNAvgLN_PbsHWKpra60'),('question','test111'),('answer','test1'),('display_order','1'))
会议:
令牌是不同的。不知道为什么。你能发布你的代码,包括你正在使用的蓝图吗blueprints@Suever,我添加了蓝图,但是它与问题有关吗?你能发布你的配置文件吗?这回答了你的问题吗?谢谢你的回答,但我已经尝试了所有这些-它不会改变结果。