how to access form data using flask?
Solution 1
You are not using curl
correctly. Try like this:
curl -d 'uuid=admin&password=admin'
The 400 Bad Request
error is the usual behavior when you try to get nonexistent keys from request.form
.
Alternatively, use request.json
instead of request.form
and call curl
like this:
curl -d '{"uuid":"admin","password":"admin"}' -H "Content-Type: application/json"
Solution 2
You still need to return a response:
from flask import abort
@app.route('/login/', methods=['GET', 'POST'])
def login():
if request.method == 'POST':
user = User.get(request.form['uuid'])
if user and hash_password(request.form['password']) == user._password:
login_user(user, remember=True)
return redirect('/home/')
else:
return abort(401) # 401 Unauthorized
else:
return abort(405) # 405 Method Not Allowed
Here's the documentation for custom Flask error pages.
Also, take a look at Flask-Bcrypt for password hashing.
Your CURL command line isn't valid. JSON objects need to have double quotes around the keys and values:
$ curl -d '{"uuid": "admin", "password": "admin"}' http://127.0.0.1:5000/login/
Now, you can access the keys with request.json
.
daydreamer
Hello Viewer, Some of the places to see my work are BonsaiiLabs My Website
Updated on July 09, 2022Comments
-
daydreamer almost 2 years
My
login
endpoint looks like@app.route('/login/', methods=['GET', 'POST']) def login(): if request.method == 'POST': print request.form # debug line, see data printed below user = User.get(request.form['uuid']) if user and hash_password(request.form['password']) == user._password: login_user(user, remember=True) # change remember as preference return redirect('/home/') else: return 'GET on login not supported'
When I test this using
curl
, theGET
call looks like⮀ ~PYTHONPATH ⮀ ⭠ 43± ⮀ curl http://127.0.0.1:5000/login/ GET on login not supported
but on
POST
, I am not able to access the form data and getHTTP 400
⮀ ~PYTHONPATH ⮀ ⭠ 43± ⮀ curl -d "{'uuid': 'admin', 'password': 'admin'}" http://127.0.0.1:5000/login/ <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <title>400 Bad Request</title> <h1>Bad Request</h1> <p>The browser (or proxy) sent a request that this server could not understand.</p>
On the server though, my debug information prints the following
ImmutableMultiDict([("{'uuid': 'admin', 'password': 'admin'}", u'')])
where I do
print request.form
. I am not able to understand where I am doing wrong