csrf jquery ajax testing part 1

2025-12-07 03:16:58 -06:00 · 2019-07-04 11:59:42 -05:00
parent 9273a82814
commit 94a7a6a9ff
3 changed files with 24 additions and 9 deletions
--- a/app/dashboard.py
+++ b/app/dashboard.py
@@ -1,4 +1,5 @@
 from app import app, db, login
+from app.forms import ProfileSettingsForm
 from app.models import User, Search
 from app.custom import require_role
 from flask import render_template, redirect, url_for, request, jsonify
@@ -9,11 +10,19 @@ from flask_login import current_user, login_required
 def dashboard():
    return render_template('/dashboard/dashboard.html')

-@app.route('/dashboard/profile_settings')
+@app.route('/dashboard/profile_settings', methods=['GET'])
@login_required
 def profile_settings():
-    return render_template('/dashboard/profile_settings.html')
+    form = ProfileSettingsForm()
+    return render_template('/dashboard/profile_settings.html', form=form)

+@app.route('/dashboard/profile_settings/submit', methods=['POST'])
+@login_required
+def profile_settings_submit():
+    form = ProfileSettingsForm()
+    if form.validate_on_submit():
+        return jsonify(data={'message' : 'hello {}'.format(form.show_email.data)})
+    return '$'
@app.route('/dashboard/constants')
@login_required
@require_role(roles=['Admin'])
--- a/app/forms.py
+++ b/app/forms.py
@@ -1,5 +1,5 @@
 from flask_wtf import FlaskForm
-from wtforms import StringField, PasswordField, BooleanField, SubmitField
+from wtforms import StringField, PasswordField, BooleanField, SubmitField, RadioField
 from wtforms.validators import ValidationError, DataRequired, EqualTo, Email
 from app.models import User

@@ -27,4 +27,5 @@ class RegistrationForm(FlaskForm):
            raise ValidationError('That email address is not available.')

 class ProfileSettingsForm(FlaskForm):
-    show_email = BooleanField('Show ')
+    show_email = RadioField('Show Email', choices=[('p', 'Public'), ('r', 'Registered Users Only'), ('h', 'Hidden')])
+    submit = SubmitField('Save Profile Settings')
--- a/app/templates/dashboard/profile_settings.html
+++ b/app/templates/dashboard/profile_settings.html
@@ -5,7 +5,7 @@
 <script>
    $(document).ready(function () {
        $('form').submit(function (e) {
-            var url = "{# { url_for('something') } #}"; // send the form data here.
+            var url = "{{ url_for('profile_settings_submit') }}"; // send the form data here.
            $.ajax({
                type: "POST",
                url: url,
@@ -20,7 +20,7 @@
        $.ajaxSetup({
            beforeSend: function (xhr, settings) {
                if (!/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type) && !this.crossDomain) {
-                    xhr.setRequestHeader("X-CSRFToken", "{#{ form.csrf_token._value() }#}")
+                    xhr.setRequestHeader("X-CSRFToken", "{{ form.csrf_token._value() }}")
                }
            }
        })
@@ -30,8 +30,13 @@
 {% block dashboard_body %}
 <section>
    <h1 class="title">Profile Settings</h1>
-    <span>
-        form goes here nibba
-    </span>
+    <form action="" method="POST" novalidate>
+        {{ form.hidden_tag() }}
+        <div class="field">
+            {{ form.show_email.label }}
+            {{ form.show_email(class="_input") }}
+        </div>
+        {{ form.submit }}
+    </form>
 </section>
 {% endblock dashboard_body %}