Q: Changes right or wrong? (What it took to make this example work on a fresh Ubuntu 20 install) #6

Open
BlakeGFitch opened this issue Jun 14, 2020 · 3 comments

@BlakeGFitch

This example is a great resource. However, I have had some trouble getting it functional on a fresh Ubuntu 20 desktop install with Python version 3.8.2 and Flask-WTF version 0.14.3.

Included are the changes that made it work. I'd be interested to know if they are needed or if I missed something in following the instructions.

Below find a git diff, information on the Python environment, and the commands that made the environment run the Flask server.

$ git diff
diff --git a/application/forms.py b/application/forms.py
index f8440b1..19f1c4b 100644
--- a/application/forms.py
+++ b/application/forms.py
@@ -11,7 +11,7 @@ from wtforms.validators import (DataRequired,
                                 EqualTo,
                                 Length,
                                 URL)
-
+from datetime import date
 
 class ContactForm(FlaskForm):
     """Contact form."""
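Review bot: the added `from datetime import date` takes the place of the removed blank line, leaving a single blank line between the imports and `class ContactForm`. Keep two blank lines before the class (PEP 8) and group this standard-library import above the third-party `wtforms` imports rather than after them.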
@@ -37,7 +37,7 @@ class SignupForm(FlaskForm):
         DataRequired(message="Please enter a password."),
     ])
     confirmPassword = PasswordField('Repeat Password', [
-            EqualTo(password, message='Passwords must match.')
+            EqualTo('password', message='Passwords must match.')
             ])
     title = SelectField('Title', [DataRequired()],
                         choices=[('Farmer', 'farmer'),
@@ -47,6 +47,8 @@ class SignupForm(FlaskForm):
                                  ('Lonely Guy At A Diner', 'lonely'),
                                  ('Pokemon Trainer', 'pokemon')])
     website = StringField('Website', validators=[URL()])
-    birthday = DateField('Your Birthday')
-    recaptcha = RecaptchaField()
+    birthday = DateField('Your Birthday', 
+                         [DataRequired(message="Please enter your birthday")],
+                         default=date.today )
+    #recaptcha = RecaptchaField()
     submit = SubmitField('Submit')
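Review bot: commenting out `recaptcha = RecaptchaField()` removes the signup form's bot check for every deployment, not only for a local run that lacks reCAPTCHA keys. Keep the field and supply the keys through the environment, or gate it on configuration, instead of leaving commented-out code. On the `birthday` field, `default=date.today` pre-fills today's date, so a user who submits without touching the field passes `DataRequired` with a meaningless value; drop the default if a real birthday is wanted. There is also trailing whitespace after `'Your Birthday',` and a stray space before the closing `)`.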
diff --git a/application/templates/contact.jinja2 b/application/templates/contact.jinja2
index 7be8188..db9e3d1 100644
--- a/application/templates/contact.jinja2
+++ b/application/templates/contact.jinja2
@@ -7,7 +7,8 @@
 {% block content %}
 <div class="formwrapper">
   <h2 class="title">Contact</h2>
-  <form method="POST" action="/">
+  <form method="POST" action="">
+    {{ form.csrf_token }}
     <div class="form-field">{{ form.name.label }} {{ form.name(size=20) }}
       {% if form.name.errors %}
         <ul class="errors">
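Review bot: the `{{ form.csrf_token }}` line added under `<form>` is needed, since a FlaskForm rejects a POST that lacks the token, but nothing in the template shows the user why a submission failed when the token is missing or expired. Render `form.csrf_token.errors` the same way `form.name.errors` is rendered below, and consider `{{ form.hidden_tag() }}` so any hidden fields added later are emitted as well.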
diff --git a/application/templates/signup.jinja2 b/application/templates/signup.jinja2
index fb41b21..09d7513 100644
--- a/application/templates/signup.jinja2
+++ b/application/templates/signup.jinja2
@@ -7,7 +7,7 @@
 {% block content %}
 <div class="formwrapper">
   <h2 class="title">Sign Up</h2>
-  <form method="POST" action="/">
+  <form method="POST" action="">
       {{ form.csrf_token }}
       <div class="form-field">{{ form.email.label }} {{ form.email }}
         {% if form.email.errors %}
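Review bot: `action=""` on the `<form>` line is not valid HTML, because the attribute must hold a non-empty URL when it is present. Omit `action` entirely to post back to the current URL, or build the target with `url_for(...)` and the view name. The same applies to the matching change in contact.jinja2.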
diff --git a/config.py b/config.py
index 30fd52a..207879f 100644
--- a/config.py
+++ b/config.py
@@ -1,5 +1,5 @@
 """App configuration."""
-from os import environ, path
+from os import environ, path, urandom
 from dotenv import load_dotenv
 
 basedir = path.abspath(path.dirname(__file__))
@@ -10,7 +10,7 @@ class Config:
     """Set Flask configuration vars from .env file."""
 
     # General Config
-    SECRET_KEY = environ.get('SECRET_KEY')
+    SECRET_KEY = environ.get('SECRET_KEY', urandom(32))
     FLASK_APP = environ.get('FLASK_APP')
     FLASK_ENV = environ.get('FLASK_ENV')
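Review bot: the `urandom(32)` default on the `SECRET_KEY` line gives each process its own key, so sessions and CSRF tokens stop validating after a restart or when more than one worker serves the app, and a missing `.env` file goes unnoticed. Fail at startup when `SECRET_KEY` is unset, or limit the random fallback to development and log that it was used. With that change the `urandom` import in the first config.py hunk is only needed on the development path.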
$ pip list
Package         Version   
--------------- ----------
appdirs         1.4.3     
CacheControl    0.12.6    
certifi         2019.11.28
chardet         3.0.4     
click           7.1.2     
colorama        0.4.3     
contextlib2     0.6.0     
distlib         0.3.0     
distro          1.4.0     
dnspython       1.16.0    
email-validator 1.1.1     
Flask           1.1.2     
Flask-WTF       0.14.3    
html5lib        1.0.1     
idna            2.9       
ipaddr          2.2.0     
itsdangerous    1.1.0     
Jinja2          2.11.2    
lockfile        0.12.2    
MarkupSafe      1.1.1     
msgpack         0.6.2     
packaging       20.3      
pep517          0.8.2     
pip             20.0.2    
pkg-resources   0.0.0     
progress        1.5       
pyparsing       2.4.6     
python-dotenv   0.13.0    
pytoml          0.1.21    
requests        2.22.0    
retrying        1.3.3     
setuptools      44.0.0    
six             1.14.0    
urllib3         1.25.8    
webencodings    0.5.1     
Werkzeug        1.0.1     
wheel           0.34.2    
WTForms         2.3.1     
$ uname -a
Linux U20D 5.4.0-37-generic #41-Ubuntu SMP Wed Jun 3 18:57:02 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ python3 -V
Python 3.8.2
<snip>
$ git clone https://github.com/hackersandslackers/flask-wtform-tutorial.git
$ cd flask-wtform-tutorial/
$ sudo apt install pipenv
$ pipenv --python /usr/bin/python3
$ pipenv shell
$ pipenv update
$ flask run
@toddbirchard
Member

Hey Blake, did you have a .env file present originally perchance? I've realized that this step may not be intuitive, so I've gone ahead and clarified the purpose of .env in the readme. It would certainly explain how setting SECRET_KEY = environ.get('SECRET_KEY', urandom(32)) resolved your issue, as this adds a fallback in the event that a SECRET_KEY environment variable is not present.

Cheers, and thanks for the feedback!
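
The effect of the `urandom(32)` fallback discussed above, as an added example that is not part of the original thread or the project's code. Tokens are modelled with a plain HMAC-SHA256 signature (an assumption standing in for the signing Flask and Flask-WTF do with the secret key); `fallback_key`, `strict_key`, `cross_worker_ok` and the sample key are hypothetical names and constructed values.

```python
import hashlib
import hmac
import os


def fallback_key(env):
    """Behaviour of the patched config.py: random key when SECRET_KEY is unset."""
    value = env.get("SECRET_KEY")
    return value.encode() if value else os.urandom(32)


def strict_key(env):
    """Alternative: refuse to start without a configured key."""
    value = env.get("SECRET_KEY")
    if not value:
        raise RuntimeError("SECRET_KEY is not set; define it in .env")
    return value.encode()


def sign(key, payload):
    """Return 'payload.mac' where mac is HMAC-SHA256 over the payload."""
    mac = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{mac}"


def verify(key, token):
    """Recompute the MAC and compare in constant time."""
    payload, _, mac = token.rpartition(".")
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac.encode(), expected.encode())


def cross_worker_ok(key_loader, env):
    """Issue a token in one worker process and check it in another.

    Each worker loads its own key at start-up, as separate processes
    (or one process before and after a restart) would.
    """
    worker_a, worker_b = key_loader(env), key_loader(env)
    token = sign(worker_a, "csrf:session-1234")  # constructed sample payload
    return verify(worker_b, token)


if __name__ == "__main__":
    configured = {"SECRET_KEY": "constructed-sample-key"}  # not a real key
    print("no SECRET_KEY, random fallback:", cross_worker_ok(fallback_key, {}))
    print("SECRET_KEY from environment:   ", cross_worker_ok(fallback_key, configured))
```

With no `SECRET_KEY` in the environment, the token issued by one worker is rejected by the other; with a configured key both workers agree.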

@BlakeGFitch
Author

Hi Todd,

I've kind of moved on with what I got working. But looking back at the directory, I did not have a .env file. Looking at the values set in the .env file, however, it seems like using your start.sh file covers that need. I did use that. Maybe SECRET_KEY could just be set there?

Also, I needed other changes that took longer to figure out. For example:

diff --git a/application/templates/contact.jinja2 b/application/templates/contact.jinja2
index 7be8188..db9e3d1 100644
--- a/application/templates/contact.jinja2
+++ b/application/templates/contact.jinja2
@@ -7,7 +7,8 @@
 {% block content %}
 <div class="formwrapper">
   <h2 class="title">Contact</h2>
-  <form method="POST" action="/">
+  <form method="POST" action="">
+    {{ form.csrf_token }}

I've kept these changes as I move forward with my local app. I was wondering if they are the right way to go.

Thanks for the example and thanks for taking the time to look at this issue!

@toddbirchard
Member

Thanks for getting back to me! I'm glad you brought up the lack of a SECRET_KEY in start.sh, as there is a very intentional reason this is missing. These keys are referred to as "secret" because all encryption in our app depends on them. Things such as user passwords, personal data (or in this case, the security of data in a form being submitted) are encrypted based on the random value of our SECRET_KEY. Conversely, this key could be used by an attacker to decrypt such data, hence the absence of this key in a publicly accessible repository.

Secret keys and .env files are easily the biggest points of contention and confusion amongst our readers. I wish there was an easier way to get this across in tutorials - hopefully this clears things up a bit!
