Flask-WTF CSRF token missing with PyPugJs (Pug)

Question

I’m currently writing an app with logins and I can’t get the Flask-wtf form to submit or validate because apparently my csrf token is missing. I’ve tried a bunch of different methods of embedding the token but to no avail. My guess is that somewhere in the compiling to jinja code from pug, my csrf codes are breaking. Here is the code for my log in route:

@accounts.route('/log_in', methods=['GET', 'POST'])
def log_in():
    form = forms.LoginForm()

    if form.validate_on_submit():
        try:
            models.User.get(models.User.username == form.username.data)
        except models.DoesNotExist:
            flash('Incorrect username or password', 'error')

        if check_password_hash(user.password, form.password.data):
            login_user(user)
            flash('You are now logged in')

            return redirect(url_for('index'))

    return render_template('simple_form.pug', heading='Log in', form=form)

and here is my template (simple_form.pug)

extends mixins

block content
    h1= heading
    +render_form(form)

which is rendering a form using this mixin:

mixin render_field(field)
    if field.errors
        for error in field.errors
            .notification.error= error

    =field(placeholder=field.label.text)

mixin render_form(form, action='Submit')
    form(method='POST', action='')
        =form.hidden_tag()

        each field in form
            fieldset
                +render_field(field)

        button(type='submit')= action

This is the generated HTML code on the front end if that helps:

<form action="" method="post">
        <input id="csrf_token" name="csrf_token" type="hidden" value=
        "1477255131##5245edf329a5bc24d7f4fc57c7d717bfc90249dc">
        <fieldset>
            <input id="csrf_token" name="csrf_token" placeholder="Csrf Token"
            type="hidden" value=
            "1477255131##5245edf329a5bc24d7f4fc57c7d717bfc90249dc">
        </fieldset>
        <fieldset>
            <input id="username" name="username" placeholder="Username" type=
            "text" value="">
        </fieldset>
        <fieldset>
            <input id="email" name="email" placeholder="Email Address" type=
            "text" value="">
        </fieldset>
        <fieldset>
            <input id="password" name="password" placeholder="Password" type=
            "password" value="">
        </fieldset>
        <fieldset>
            <input id="password_confirm" name="password_confirm" placeholder=
            "Confirm Password" type="password" value="">
        </fieldset><button type="submit">Submit</button>
    </form>

Also, here is my WTForm code:

class SignupForm(FlaskForm):
    username = StringField('Username', validators=[DataRequired()])
    email = StringField('Email Address', validators=[DataRequired(), Email()])
    password = PasswordField('Password', validators=[DataRequired(), Length(min=6)])
    password_confirm = PasswordField('Confirm Password', validators=[DataRequired(), EqualTo('password', message='Passwords must match')])

Any help would be much appreciated :)

Answer 1 · 2016-10-30T01:23:53Z

October 30, 2016 1:23am

The problem apparently resolved itself! I’m guessing that my front end issue was messing things up but I really have no idea

Answer 2 · 2016-10-24T18:27:16Z

October 24, 2016 6:27pm

Hmm, I have zero experience with PyPug (or PyJade, which it's a clone of). What error message(s) are you getting?

Welcome to the Treehouse Community

Looking to learn something new?

hum4n01d

hum4n01d

Flask-WTF CSRF token missing with PyPugJs (Pug)

hum4n01d

hum4n01d

2 Answers

hum4n01d

hum4n01d

Kenneth Love

Kenneth Love

hum4n01d

hum4n01d

Kenneth Love

Kenneth Love

hum4n01d

hum4n01d

hum4n01d

hum4n01d

Kenneth Love

Kenneth Love

hum4n01d

hum4n01d