add SecureForm for easier CSRF validation

46958eb0 · Paul Brown · 1975115a · 46958eb0
Commit 46958eb0 authored Sep 17, 2015 by Paul Brown
Hide whitespace changes
Inline Side-by-side

Showing with 27 additions and 1 deletion

__init__.py flask_admin/form/__init__.py +27 -1

No files found.
--- a/flask_admin/form/__init__.py
+++ b/flask_admin/form/__init__.py
-from wtforms import form
+from wtforms import form, __version__ as wtforms_version
 from wtforms.fields.core import UnboundField
 from .fields import *
@@ -32,3 +32,29 @@ def recreate_field(unbound):
        raise ValueError('recreate_field expects UnboundField instance, %s was passed.' % type(unbound))
    return unbound.field_class(*unbound.args, **unbound.kwargs)
+if int(wtforms_version[0]) > 1:
+    # only WTForms 2+ has built-in CSRF functionality
+    from os import urandom
+    from flask import session
+    from wtforms.csrf.session import SessionCSRF
+    class SecureForm(BaseForm):
+        """
+            BaseForm with CSRF token generation and validation support.
+            Requires WTForms 2+
+        """
+        class Meta:
+            csrf = True
+            csrf_class = SessionCSRF
+            csrf_secret = urandom(24)
+            @property
+            def csrf_context(self):
+                return session
+else:
+    class SecureForm(BaseForm):
+        def __init__(self, *args, **kwargs):
+            raise Exception("SecureForm requires WTForms 2+")