csrf jquery ajax testing part 1

app/dashboard.py

@@ -1,4 +1,5 @@
 from app import app, db, login
+from app.forms import ProfileSettingsForm
 from app.models import User, Search
 from app.custom import require_role
 from flask import render_template, redirect, url_for, request, jsonify
@@ -9,11 +10,19 @@ from flask_login import current_user, login_required
 def dashboard():
     return render_template('/dashboard/dashboard.html')
 
-@app.route('/dashboard/profile_settings')
+@app.route('/dashboard/profile_settings', methods=['GET'])
 @login_required
 def profile_settings():
-    return render_template('/dashboard/profile_settings.html')
+    form = ProfileSettingsForm()
+    return render_template('/dashboard/profile_settings.html', form=form)
 
+@app.route('/dashboard/profile_settings/submit', methods=['POST'])
+@login_required
+def profile_settings_submit():
+    form = ProfileSettingsForm()
+    if form.validate_on_submit():
+        return jsonify(data={'message' : 'hello {}'.format(form.show_email.data)})
+    return '$'
 @app.route('/dashboard/constants')
 @login_required
 @require_role(roles=['Admin'])

app/forms.py

@@ -1,5 +1,5 @@
 from flask_wtf import FlaskForm
-from wtforms import StringField, PasswordField, BooleanField, SubmitField
+from wtforms import StringField, PasswordField, BooleanField, SubmitField, RadioField
 from wtforms.validators import ValidationError, DataRequired, EqualTo, Email
 from app.models import User
 
@@ -27,4 +27,5 @@ class RegistrationForm(FlaskForm):
             raise ValidationError('That email address is not available.')
 
 class ProfileSettingsForm(FlaskForm):
-    show_email = BooleanField('Show ')
+    show_email = RadioField('Show Email', choices=[('p', 'Public'), ('r', 'Registered Users Only'), ('h', 'Hidden')])
+    submit = SubmitField('Save Profile Settings')

app/templates/dashboard/profile_settings.html

@@ -5,7 +5,7 @@
 <script>
     $(document).ready(function () {
         $('form').submit(function (e) {
-            var url = "{# { url_for('something') } #}"; // send the form data here.
+            var url = "{{ url_for('profile_settings_submit') }}"; // send the form data here.
             $.ajax({
                 type: "POST",
                 url: url,
@@ -20,7 +20,7 @@
         $.ajaxSetup({
             beforeSend: function (xhr, settings) {
                 if (!/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type) && !this.crossDomain) {
-                    xhr.setRequestHeader("X-CSRFToken", "{#{ form.csrf_token._value() }#}")
+                    xhr.setRequestHeader("X-CSRFToken", "{{ form.csrf_token._value() }}")
                 }
             }
         })
@@ -30,8 +30,13 @@
 {% block dashboard_body %}
 <section>
     <h1 class="title">Profile Settings</h1>
-    <span>
+    <form action="" method="POST" novalidate>
-        form goes here nibba
+        {{ form.hidden_tag() }}
-    </span>
+        <div class="field">
+            {{ form.show_email.label }}
+            {{ form.show_email(class="_input") }}
+        </div>
+        {{ form.submit }}
+    </form>
 </section>
 {% endblock dashboard_body %}