commit a238c98f678223b34a78fbe242b62e784176709d
parent 7585954706dc653488c15192fc015ed91207025e
Author: Oshgnacknak <osh@oshgnacknak.de>
Date: Wed, 26 Jun 2019 12:41:22 +0100
Using CSRF token
Diffstat:
4 files changed, 23 insertions(+), 16 deletions(-)
diff --git a/README.md b/README.md
@@ -27,4 +27,3 @@ pyhton run.py
## TODO
- Create any form of database for the players.
-- Use a CSRF token.
diff --git a/requirements.txt b/requirements.txt
@@ -1,2 +1,3 @@
flask
-wtforms-
\ No newline at end of file
+wtforms
+flask_wtf
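Review bot: None of the three requirements added or kept here carries a version bound, so every fresh install resolves whatever is newest on PyPI and a future flask / Flask-WTF release can change the CSRF behaviour this commit relies on without any change in this repo. Pin at least the versions the change was tested against (the output of `pip freeze` for these three packages) so installs are reproducible and upgrades are deliberate. `flask_wtf` resolves because pip normalises underscores and hyphens, but the package's canonical distribution name is `Flask-WTF`; using it avoids confusion with the import name.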
diff --git a/smtl/app.py b/smtl/app.py
@@ -1,4 +1,5 @@
from flask import Flask, request, render_template, flash, redirect
+from flask_wtf.csrf import CSRFProtect
from smtl.signup_form import SignupForm
from smtl.meta import meta
from config import config
@@ -10,7 +11,9 @@ def add_to_db(data):
# App config.
+csrf = CSRFProtect()
app = Flask(__name__)
+csrf.init_app(app)
app.config.from_object(__name__)
app.config['SECRET_KEY'] = config['SECRET_KEY']
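Review bot: `csrf.init_app(app)` on the new line runs before `SECRET_KEY` is assigned two lines later; Flask-WTF appears to read the secret lazily at token generation time so this likely works, but the conventional order is to finish `app.config` setup first and then initialise extensions, so that any extension which does read config during `init_app` sees the final values. Moving `csrf.init_app(app)` below the `SECRET_KEY` assignment removes the question. Note also that `CSRFProtect` registers a global `before_request` check, so every POST/PUT/PATCH/DELETE route in the app, not only `/signup`, now requires a valid token; any endpoint that is called without the form (for example from `static/js/main.js`) must either receive the token in an `X-CSRFToken` header or be marked `@csrf.exempt`.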
diff --git a/smtl/templates/home.html b/smtl/templates/home.html
@@ -1,13 +1,14 @@
<!doctype html>
<html lang="en">
+
<head>
<meta charset="utf-8">
<title>{{ title }}</title>
{% for name, content in meta.items() %}
- <meta name="{{ name }}" content="{{ content }}">
+ <meta name="{{ name }}" content="{{ content }}">
{% endfor %}
<link rel="stylesheet" href="{{ url_for('static', filename='css/style.css') }}">
@@ -17,25 +18,28 @@
<h2 id="title">{{ title }}</h2>
{% with messages = get_flashed_messages(with_categories=true) %}
- {% if messages %}
- <ul id="flashes">
- {% for category, message in messages %}
- <li class="{{ category }}">{{ message }}</li>
- {% endfor %}
- </ul>
- {% endif %}
+ {% if messages %}
+ <ul id="flashes">
+ {% for category, message in messages %}
+ <li class="{{ category }}">{{ message }}</li>
+ {% endfor %}
+ </ul>
+ {% endif %}
{% endwith %}
<form action="/signup" id="signup_form" method="POST">
<table>
{% for field in [form.firstname, form.lastname, form.club, form.dwz, form.email] %}
- <tr>
- <td>{{ field.label }}</td>
- <td>{{ field }}</td>
- </tr>
+ <tr>
+ <td>{{ field.label }}</td>
+ <td>{{ field }}</td>
+ </tr>
{% endfor %}
<tr>
- <td><input type="submit" value="Teilnehmen"></td>
+ <td>
+ <input type="submit" value="Teilnehmen">
+ <input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
+ </td>
<td><input type="reset" value="Löschen"></td>
</tr>
</table>
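Review bot: The new hidden `csrf_token` input is nested inside the submit button's `<td>`, which ties a security field to table layout and is easy to lose when the markup is restyled; placing `<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">` directly after the `<form ...>` opening tag on the line above the table is the usual spot and makes it obvious the form is protected. The trailing `/>` is unnecessary under the HTML5 doctype used here. If `js/main.js` (loaded below this hunk) submits this form via fetch/XMLHttpRequest rather than a normal submit, it must send the token in the request body or an `X-CSRFToken` header, otherwise the global CSRF check will reject the request; that script is not visible in this diff, so please confirm.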
@@ -43,4 +47,5 @@
<script type="module" src="{{ url_for('static', filename='js/main.js') }}"></script>
</body>
+
</html>