Error with POST request in Flask

My question is very similar to this but unfortunately the solution does not work for me.

I have created a web app and there is a 'Login as User' button which should redirect the user to a login form.

The app.py file looks like:

@app.route('/', methods=['GET', 'POST'])
def index():
    if request.method == 'POST':
        if request.form['action'] == 'Login as Guest':
            create_user(request, session)
        elif request.form['action'] == 'Login as User':
            return redirect(url_for('login'), code=307)
        elif request.form['action'] == 'Delete User':
            delete_user(request, session)
        else:
            abort("invalid form")
        return redirect(url_for('start'))

    return render_template('index.html', username=session.get('username'))


@app.route('/login', methods=['GET', 'POST'])
def login():

    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']

    return render_template('login.html', username=session.get('username'))

The login.html form is the following:

<form class="form" action="" method="POST">
    <input type="text" placeholder="Username" name="username">
    <input type="password" placeholder="Password" name="password">
    <input class="btn btn-lg btn-success" name="login" type="submit" value="Login">
</form>

And the index.html form looks like:

<form class="form" action="" method="POST">
    <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
    <input type="submit" name="action" class="btn btn-lg btn-success {% if username == None %}disabled{% endif %}" value="Delete User">
    <input type="submit" name="action" class="btn btn-lg btn-success {% if username %}disabled{% endif %}" value="Login as Guest">
    <input type="submit" name="action" class="btn btn-lg btn-success {% if username %}disabled{% endif %}" value="Login as User">
</form>

Even though I added code = 307 in the return redirect(url_for('login'), code=307) call and the request method is POST, when I click on the Login as User button I get the following error:

Bad Request

The browser (or proxy) sent a request that this server could not understand.

Answers


The reason:

click on the "Login as User" -> go to index endpoint -> redirect to login endpoint.

the problem is when redirect to login endpoint, you can't get your username via request.form['username'], nothing is in your form yet, thus you get the error.

The solution:

There are still some problems in your example:

  • you may specify the action in you template
  • what's the usage for username in login.html?

I'll give you an simple example and hopt it helps.

@app.route('/', methods=['GET', 'POST'])
def index():
    ...
    return redirect(url_for('login'))  # no need for code 307
    ...

@app.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'POST':
        username = request.form.get('username')
        password = request.form.get('password')
        if username == 'realusername' and password == 'realpasswd':
            redirect(url_for('success_login'))
    return render_template('login.html')

@app.route('/admin')
def success_login():
    return "Login success!"

Need Your Help

Anybody Know of any Tools to help Analysing .NET Trace Log Files?

c# .net trace

I am developing a C# .NET application. In the app.config file I add trace logging as shown,

Python Scikit-image processing of Gel electrophoresis data

python numpy computer-vision scikit-image

I never used computer vision stuff before and thought I can use python for analysis of Gel Electrophoresis. Here is a video explaining what is happening if you are not familiar with the process.