Browse Source

Merge pull request #1 from pallets/master

fetch commits
pull/2623/head
Grey Li 7 years ago committed by GitHub
parent
commit
94a8e5a8d0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 23
      .appveyor.yml
  2. 11
      .coveragerc
  3. 33
      .github/ISSUE_TEMPLATE.md
  4. 2
      .github/ISSUE_TEMPLATE.rst
  5. 16
      .github/PULL_REQUEST_TEMPLATE.md
  6. 8
      .gitignore
  7. 3
      .gitmodules
  8. 66
      .travis.yml
  9. 3
      AUTHORS
  10. 190
      CHANGES.rst
  11. 176
      CONTRIBUTING.rst
  12. 2
      MANIFEST.in
  13. 33
      Makefile
  14. 4
      README
  15. BIN
      docs/_static/debugger.png
  16. BIN
      docs/_static/flask.png
  17. BIN
      docs/_static/flaskr.png
  18. BIN
      docs/_static/logo-full.png
  19. BIN
      docs/_static/no.png
  20. BIN
      docs/_static/pycharm-runconfig.png
  21. BIN
      docs/_static/touch-icon.png
  22. BIN
      docs/_static/yes.png
  23. 8
      docs/_templates/sidebarintro.html
  24. 1
      docs/_themes
  25. 8
      docs/advanced_foreword.rst
  26. 91
      docs/api.rst
  27. 56
      docs/appcontext.rst
  28. 18
      docs/blueprints.rst
  29. 2
      docs/changelog.rst
  30. 522
      docs/cli.rst
  31. 43
      docs/conf.py
  32. 536
      docs/config.rst
  33. 3
      docs/contents.rst.inc
  34. 1
      docs/contributing.rst
  35. 10
      docs/deploying/fastcgi.rst
  36. 11
      docs/deploying/index.rst
  37. 8
      docs/deploying/mod_wsgi.rst
  38. 4
      docs/deploying/uwsgi.rst
  39. 18
      docs/deploying/wsgi-standalone.rst
  40. 290
      docs/errorhandling.rst
  41. 40
      docs/extensiondev.rst
  42. 86
      docs/flaskext.py
  43. 236
      docs/installation.rst
  44. 175
      docs/logging.rst
  45. 35
      docs/patterns/appfactories.rst
  46. 80
      docs/patterns/celery.rst
  47. 82
      docs/patterns/deferredcallbacks.rst
  48. 8
      docs/patterns/distribute.rst
  49. 54
      docs/patterns/errorpages.rst
  50. 2
      docs/patterns/favicon.rst
  51. 16
      docs/patterns/fileuploads.rst
  52. 2
      docs/patterns/flashing.rst
  53. 11
      docs/patterns/packages.rst
  54. 10
      docs/patterns/sqlalchemy.rst
  55. 4
      docs/patterns/sqlite3.rst
  56. 2
      docs/patterns/wtforms.rst
  57. 23
      docs/python3.rst
  58. 309
      docs/quickstart.rst
  59. 13
      docs/reqcontext.rst
  60. 162
      docs/security.rst
  61. 22
      docs/server.rst
  62. 4
      docs/signals.rst
  63. 2
      docs/styleguide.rst
  64. 2
      docs/templating.rst
  65. 280
      docs/testing.rst
  66. 3
      docs/tutorial/dbcon.rst
  67. 31
      docs/tutorial/dbinit.rst
  68. 14
      docs/tutorial/folders.rst
  69. 18
      docs/tutorial/index.rst
  70. 9
      docs/tutorial/introduction.rst
  71. 38
      docs/tutorial/packaging.rst
  72. 74
      docs/tutorial/setup.rst
  73. 9
      docs/tutorial/templates.rst
  74. 2
      docs/tutorial/testing.rst
  75. 3
      docs/tutorial/views.rst
  76. 6
      docs/upgrading.rst
  77. 12
      examples/flaskr/README
  78. 1
      examples/flaskr/flaskr/__init__.py
  79. 0
      examples/flaskr/flaskr/blueprints/__init__.py
  80. 55
      examples/flaskr/flaskr/blueprints/flaskr.py
  81. 64
      examples/flaskr/flaskr/factory.py
  82. 4
      examples/flaskr/flaskr/templates/layout.html
  83. 2
      examples/flaskr/flaskr/templates/login.html
  84. 2
      examples/flaskr/flaskr/templates/show_entries.html
  85. 15
      examples/flaskr/setup.py
  86. 51
      examples/flaskr/tests/test_flaskr.py
  87. 10
      examples/minitwit/README
  88. 2
      examples/minitwit/minitwit/__init__.py
  89. 6
      examples/minitwit/minitwit/minitwit.py
  90. 12
      examples/minitwit/tests/test_minitwit.py
  91. 10
      examples/patterns/largerapp/setup.py
  92. 12
      examples/patterns/largerapp/tests/test_largerapp.py
  93. 4
      examples/patterns/largerapp/yourapplication/__init__.py
  94. 0
      examples/patterns/largerapp/yourapplication/static/style.css
  95. 0
      examples/patterns/largerapp/yourapplication/templates/index.html
  96. 0
      examples/patterns/largerapp/yourapplication/templates/layout.html
  97. 0
      examples/patterns/largerapp/yourapplication/templates/login.html
  98. 5
      examples/patterns/largerapp/yourapplication/views.py
  99. 4
      flask/__init__.py
  100. 2
      flask/_compat.py
  101. Some files were not shown because too many files have changed in this diff Show More

23
.appveyor.yml

@ -0,0 +1,23 @@
environment:
global:
TOXENV: py
matrix:
- PYTHON: C:\Python36
- PYTHON: C:\Python27
init:
- SET PATH=%PYTHON%;%PATH%
install:
- python -m pip install -U pip setuptools wheel tox
build: false
test_script:
- python -m tox
branches:
only:
- master
- /^.*-maintenance$/

11
.coveragerc

@ -0,0 +1,11 @@
[run]
branch = True
source =
flask
tests
[paths]
source =
flask
.tox/*/lib/python*/site-packages/flask
.tox/pypy/site-packages/flask

33
.github/ISSUE_TEMPLATE.md

@ -0,0 +1,33 @@
**This issue tracker is a tool to address bugs in Flask itself.
Please use the #pocoo IRC channel on freenode or Stack Overflow for general
questions about using Flask or issues not related to Flask.**
If you'd like to report a bug in Flask, fill out the template below. Provide
any any extra information that may be useful / related to your problem.
Ideally, create an [MCVE](http://stackoverflow.com/help/mcve), which helps us
understand the problem and helps check that it is not caused by something in
your code.
---
### Expected Behavior
Tell us what should happen.
```python
Paste a minimal example that causes the problem.
```
### Actual Behavior
Tell us what happens instead.
```pytb
Paste the full traceback if there was an exception.
```
### Environment
* Python version:
* Flask version:
* Werkzeug version:

2
.github/ISSUE_TEMPLATE.rst

@ -1,2 +0,0 @@
The issue tracker is a tool to address bugs.
Please use the #pocoo IRC channel on freenode or Stack Overflow for questions.

16
.github/PULL_REQUEST_TEMPLATE.md

@ -0,0 +1,16 @@
Describe what this patch does to fix the issue.
Link to any relevant issues or pull requests.
<!--
Commit checklist:
* add tests that fail without the patch
* ensure all tests pass with ``pytest``
* add documentation to the relevant docstrings or pages
* add ``versionadded`` or ``versionchanged`` directives to relevant docstrings
* add a changelog entry if this patch changes code
Tests, coverage, and docs will be run automatically when you submit the pull
request, but running them yourself can save time.
-->

8
.gitignore vendored

@ -1,4 +1,6 @@
.DS_Store .DS_Store
.env
.flaskenv
*.pyc *.pyc
*.pyo *.pyo
env env
@ -11,3 +13,9 @@ _mailinglist
.tox .tox
.cache/ .cache/
.idea/ .idea/
# Coverage reports
htmlcov
.coverage
.coverage.*
*,cover

3
.gitmodules vendored

@ -1,3 +0,0 @@
[submodule "docs/_themes"]
path = docs/_themes
url = https://github.com/mitsuhiko/flask-sphinx-themes.git

66
.travis.yml

@ -1,55 +1,37 @@
sudo: false sudo: false
language: python language: python
python:
- "2.6"
- "2.7"
- "pypy"
- "3.3"
- "3.4"
- "3.5"
env:
- REQUIREMENTS=lowest
- REQUIREMENTS=lowest-simplejson
- REQUIREMENTS=release
- REQUIREMENTS=release-simplejson
- REQUIREMENTS=devel
- REQUIREMENTS=devel-simplejson
matrix: matrix:
exclude: include:
# Python 3 support currently does not work with lowest requirements - python: 3.6
- python: "3.3" env: TOXENV=py,simplejson,devel,lowest,codecov,docs-html
env: REQUIREMENTS=lowest - python: 3.5
- python: "3.3" env: TOXENV=py,codecov
env: REQUIREMENTS=lowest-simplejson - python: 3.4
- python: "3.4" env: TOXENV=py,codecov
env: REQUIREMENTS=lowest - python: 2.7
- python: "3.4" env: TOXENV=py,simplejson,devel,lowest,codecov
env: REQUIREMENTS=lowest-simplejson - python: pypy
- python: "3.5" env: TOXENV=py,codecov
env: REQUIREMENTS=lowest - python: nightly
- python: "3.5" env: TOXENV=py
env: REQUIREMENTS=lowest-simplejson allow_failures:
- python: nightly
env: TOXENV=py
install: install:
- pip install tox - pip install tox
script: script:
- tox -e py-$REQUIREMENTS - tox
cache:
- pip
branches: branches:
except: only:
- website - master
- /^.*-maintenance$/
notifications: notifications:
email: false email: false
irc:
channels:
- "chat.freenode.net#pocoo"
on_success: change
on_failure: always
use_notice: true
skip_join: true

3
AUTHORS

@ -9,6 +9,7 @@ Development Lead
Patches and Suggestions Patches and Suggestions
``````````````````````` ```````````````````````
- Adam Byrtek
- Adam Zapletal - Adam Zapletal
- Ali Afshar - Ali Afshar
- Chris Edgemon - Chris Edgemon
@ -20,7 +21,9 @@ Patches and Suggestions
- Edmond Burnett - Edmond Burnett
- Florent Xicluna - Florent Xicluna
- Georg Brandl - Georg Brandl
- Hsiaoming Yang @lepture
- Jeff Widman @jeffwidman - Jeff Widman @jeffwidman
- Joshua Bronson @jab
- Justin Quick - Justin Quick
- Kenneth Reitz - Kenneth Reitz
- Keyan Pishdadian - Keyan Pishdadian

190
CHANGES → CHANGES.rst

@ -1,11 +1,197 @@
Flask Changelog Flask Changelog
=============== ===============
Here you can see the full list of changes between each Flask release.
Version 1.0
-----------
unreleased
- **Python 2.6 and 3.3 are no longer supported.** (`pallets/meta#24`_)
- Bump minimum dependency versions to the latest stable versions:
Werkzeug >= 0.14, Jinja >= 2.10, itsdangerous >= 0.24, Click >= 5.1.
(`#2586`_)
- Make ``app.run()`` into a noop if a Flask application is run from the
development server on the command line. This avoids some behavior that
was confusing to debug for newcomers.
- Change default configuration ``JSONIFY_PRETTYPRINT_REGULAR=False``.
``jsonify()`` method returns compressed response by default, and pretty
response in debug mode. (`#2193`_)
- Change ``Flask.__init__`` to accept two new keyword arguments,
``host_matching`` and ``static_host``. This enables ``host_matching`` to be
set properly by the time the constructor adds the static route, and enables
the static route to be properly associated with the required host.
(``#1559``)
- ``send_file`` supports Unicode in ``attachment_filename``. (`#2223`_)
- Pass ``_scheme`` argument from ``url_for`` to ``handle_build_error``.
(`#2017`_)
- Add support for ``provide_automatic_options`` in ``add_url_rule`` to disable
adding OPTIONS method when the ``view_func`` argument is not a class.
(`#1489`_).
- ``MethodView`` can inherit method handlers from base classes. (`#1936`_)
- Errors caused while opening the session at the beginning of the request are
handled by the app's error handlers. (`#2254`_)
- Blueprints gained ``json_encoder`` and ``json_decoder`` attributes to
override the app's encoder and decoder. (`#1898`_)
- ``Flask.make_response`` raises ``TypeError`` instead of ``ValueError`` for
bad response types. The error messages have been improved to describe why the
type is invalid. (`#2256`_)
- Add ``routes`` CLI command to output routes registered on the application.
(`#2259`_)
- Show warning when session cookie domain is a bare hostname or an IP
address, as these may not behave properly in some browsers, such as Chrome.
(`#2282`_)
- Allow IP address as exact session cookie domain. (`#2282`_)
- ``SESSION_COOKIE_DOMAIN`` is set if it is detected through ``SERVER_NAME``.
(`#2282`_)
- Auto-detect zero-argument app factory called ``create_app`` or ``make_app``
from ``FLASK_APP``. (`#2297`_)
- Factory functions are not required to take a ``script_info`` parameter to
work with the ``flask`` command. If they take a single parameter or a
parameter named ``script_info``, the ``ScriptInfo`` object will be passed.
(`#2319`_)
- FLASK_APP=myproject.app:create_app('dev') support.
- ``FLASK_APP`` can be set to an app factory, with arguments if needed, for
example ``FLASK_APP=myproject.app:create_app('dev')``. (`#2326`_)
- ``FLASK_APP`` can point to local packages that are not installed in dev mode,
although `pip install -e` should still be preferred. (`#2414`_)
- ``View.provide_automatic_options = True`` is set on the view function from
``View.as_view``, to be detected in ``app.add_url_rule``. (`#2316`_)
- Error handling will try handlers registered for ``blueprint, code``,
``app, code``, ``blueprint, exception``, ``app, exception``. (`#2314`_)
- ``Cookie`` is added to the response's ``Vary`` header if the session is
accessed at all during the request (and it wasn't deleted). (`#2288`_)
- ``app.test_request_context()`` take ``subdomain`` and ``url_scheme``
parameters for use when building base URL. (`#1621`_)
- Set ``APPLICATION_ROOT = '/'`` by default. This was already the implicit
default when it was set to ``None``.
- ``TRAP_BAD_REQUEST_ERRORS`` is enabled by default in debug mode.
``BadRequestKeyError`` has a message with the bad key in debug mode instead
of the generic bad request message. (`#2348`_)
- Allow registering new tags with ``TaggedJSONSerializer`` to support
storing other types in the session cookie. (`#2352`_)
- Only open the session if the request has not been pushed onto the context
stack yet. This allows ``stream_with_context`` generators to access the same
session that the containing view uses. (`#2354`_)
- Add ``json`` keyword argument for the test client request methods. This will
dump the given object as JSON and set the appropriate content type.
(`#2358`_)
- Extract JSON handling to a mixin applied to both the request and response
classes used by Flask. This adds the ``is_json`` and ``get_json`` methods to
the response to make testing JSON response much easier. (`#2358`_)
- Removed error handler caching because it caused unexpected results for some
exception inheritance hierarchies. Register handlers explicitly for each
exception if you don't want to traverse the MRO. (`#2362`_)
- Fix incorrect JSON encoding of aware, non-UTC datetimes. (`#2374`_)
- Template auto reloading will honor the ``run`` command's ``debug`` flag even
if ``app.jinja_env`` was already accessed. (`#2373`_)
- The following old deprecated code was removed. (`#2385`_)
- ``flask.ext`` - import extensions directly by their name instead of
through the ``flask.ext`` namespace. For example,
``import flask.ext.sqlalchemy`` becomes ``import flask_sqlalchemy``.
- ``Flask.init_jinja_globals`` - extend ``Flask.create_jinja_environment``
instead.
- ``Flask.error_handlers`` - tracked by ``Flask.error_handler_spec``,
use ``@app.errorhandler`` to register handlers.
- ``Flask.request_globals_class`` - use ``Flask.app_ctx_globals_class``
instead.
- ``Flask.static_path`` - use ``Flask.static_url_path`` instead.
- ``Request.module`` - use ``Request.blueprint`` instead.
- The ``request.json`` property is no longer deprecated. (`#1421`_)
- Support passing an existing ``EnvironBuilder`` or ``dict`` to
``test_client.open``. (`#2412`_)
- The ``flask`` command and ``app.run`` will load environment variables using
from ``.env`` and ``.flaskenv`` files if python-dotenv is installed.
(`#2416`_)
- When passing a full URL to the test client, use the scheme in the URL instead
of the ``PREFERRED_URL_SCHEME``. (`#2430`_)
- ``app.logger`` has been simplified. ``LOGGER_NAME`` and
``LOGGER_HANDLER_POLICY`` config was removed. The logger is always named
``flask.app``. The level is only set on first access, it doesn't check
``app.debug`` each time. Only one format is used, not different ones
depending on ``app.debug``. No handlers are removed, and a handler is only
added if no handlers are already configured. (`#2436`_)
- Blueprint view function name may not contain dots. (`#2450`_)
- Fix a ``ValueError`` caused by invalid Range requests in some cases.
(`#2526`_)
- The dev server now uses threads by default. (`#2529`_)
- Loading config files with ``silent=True`` will ignore ``ENOTDIR``
errors. (`#2581`_)
- Pass ``--cert`` and ``--key`` options to ``flask run`` to run the
development server over HTTPS. (`#2606`_)
- Added :data:`SESSION_COOKIE_SAMESITE` to control the ``SameSite``
attribute on the session cookie. (`#2607`_)
.. _pallets/meta#24: https://github.com/pallets/meta/issues/24
.. _#1421: https://github.com/pallets/flask/issues/1421
.. _#1489: https://github.com/pallets/flask/pull/1489
.. _#1621: https://github.com/pallets/flask/pull/1621
.. _#1898: https://github.com/pallets/flask/pull/1898
.. _#1936: https://github.com/pallets/flask/pull/1936
.. _#2017: https://github.com/pallets/flask/pull/2017
.. _#2193: https://github.com/pallets/flask/pull/2193
.. _#2223: https://github.com/pallets/flask/pull/2223
.. _#2254: https://github.com/pallets/flask/pull/2254
.. _#2256: https://github.com/pallets/flask/pull/2256
.. _#2259: https://github.com/pallets/flask/pull/2259
.. _#2282: https://github.com/pallets/flask/pull/2282
.. _#2288: https://github.com/pallets/flask/pull/2288
.. _#2297: https://github.com/pallets/flask/pull/2297
.. _#2314: https://github.com/pallets/flask/pull/2314
.. _#2316: https://github.com/pallets/flask/pull/2316
.. _#2319: https://github.com/pallets/flask/pull/2319
.. _#2326: https://github.com/pallets/flask/pull/2326
.. _#2348: https://github.com/pallets/flask/pull/2348
.. _#2352: https://github.com/pallets/flask/pull/2352
.. _#2354: https://github.com/pallets/flask/pull/2354
.. _#2358: https://github.com/pallets/flask/pull/2358
.. _#2362: https://github.com/pallets/flask/pull/2362
.. _#2374: https://github.com/pallets/flask/pull/2374
.. _#2373: https://github.com/pallets/flask/pull/2373
.. _#2385: https://github.com/pallets/flask/issues/2385
.. _#2412: https://github.com/pallets/flask/pull/2412
.. _#2414: https://github.com/pallets/flask/pull/2414
.. _#2416: https://github.com/pallets/flask/pull/2416
.. _#2430: https://github.com/pallets/flask/pull/2430
.. _#2436: https://github.com/pallets/flask/pull/2436
.. _#2450: https://github.com/pallets/flask/pull/2450
.. _#2526: https://github.com/pallets/flask/issues/2526
.. _#2529: https://github.com/pallets/flask/pull/2529
.. _#2586: https://github.com/pallets/flask/issues/2586
.. _#2581: https://github.com/pallets/flask/pull/2581
.. _#2606: https://github.com/pallets/flask/pull/2606
.. _#2607: https://github.com/pallets/flask/pull/2607
Version 0.12.2
--------------
Released on May 16 2017
- Fix a bug in `safe_join` on Windows.
Version 0.12.1
--------------
Bugfix release, released on March 31st 2017
- Prevent `flask run` from showing a NoAppException when an ImportError occurs
within the imported application module.
- Fix encoding behavior of ``app.config.from_pyfile`` for Python 3. Fix
``#2118``.
- Use the ``SERVER_NAME`` config if it is present as default values for
``app.run``. ``#2109``, ``#2152``
- Call `ctx.auto_pop` with the exception object instead of `None`, in the
event that a `BaseException` such as `KeyboardInterrupt` is raised in a
request handler.
Version 0.12 Version 0.12
------------ ------------
Released on December 21st 2016, codename Punsch.
- the cli command now responds to `--version`. - the cli command now responds to `--version`.
- Mimetype guessing and ETag generation for file-like objects in ``send_file`` - Mimetype guessing and ETag generation for file-like objects in ``send_file``
has been removed, as per issue ``#104``. See pull request ``#1849``. has been removed, as per issue ``#104``. See pull request ``#1849``.
@ -104,6 +290,8 @@ Released on May 29th 2016, codename Absinthe.
- Don't leak exception info of already catched exceptions to context teardown - Don't leak exception info of already catched exceptions to context teardown
handlers (pull request ``#1393``). handlers (pull request ``#1393``).
- Allow custom Jinja environment subclasses (pull request ``#1422``). - Allow custom Jinja environment subclasses (pull request ``#1422``).
- Updated extension dev guidelines.
- ``flask.g`` now has ``pop()`` and ``setdefault`` methods. - ``flask.g`` now has ``pop()`` and ``setdefault`` methods.
- Turn on autoescape for ``flask.templating.render_template_string`` by default - Turn on autoescape for ``flask.templating.render_template_string`` by default
(pull request ``#1515``). (pull request ``#1515``).

176
CONTRIBUTING.rst

@ -1,114 +1,166 @@
==========================
How to contribute to Flask How to contribute to Flask
========================== ==========================
Thanks for considering contributing to Flask. Thank you for considering contributing to Flask!
Support questions Support questions
================= -----------------
Please, don't use the issue tracker for this. Use one of the following
resources for questions about your own code:
* The IRC channel ``#pocoo`` on FreeNode.
* The IRC channel ``#python`` on FreeNode for more general questions.
* The mailing list flask@python.org for long term discussion or larger issues.
* Ask on `Stack Overflow`_. Search with Google first using:
``site:stackoverflow.com flask {search term, exception message, etc.}``
Please, don't use the issue tracker for this. Check whether the ``#pocoo`` IRC .. _Stack Overflow: https://stackoverflow.com/questions/tagged/flask?sort=linked
channel on Freenode can help with your issue. If your problem is not strictly
Werkzeug or Flask specific, ``#python`` is generally more active.
`Stack Overflow <https://stackoverflow.com/>`_ is also worth considering.
Reporting issues Reporting issues
================ ----------------
- Under which versions of Python does this happen? This is even more important - Describe what you expected to happen.
if your issue is encoding related. - If possible, include a `minimal, complete, and verifiable example`_ to help
us identify the issue. This also helps check that the issue is not with your
own code.
- Describe what actually happened. Include the full traceback if there was an
exception.
- List your Python, Flask, and Werkzeug versions. If possible, check if this
issue is already fixed in the repository.
- Under which versions of Werkzeug does this happen? Check if this issue is .. _minimal, complete, and verifiable example: https://stackoverflow.com/help/mcve
fixed in the repository.
Submitting patches Submitting patches
================== ------------------
- Include tests if your patch is supposed to solve a bug, and explain - Include tests if your patch is supposed to solve a bug, and explain
clearly under which circumstances the bug happens. Make sure the test fails clearly under which circumstances the bug happens. Make sure the test fails
without your patch. without your patch.
- Try to follow `PEP8`_, but you may ignore the line length limit if following
it would make the code uglier.
First time setup
~~~~~~~~~~~~~~~~
- Download and install the `latest version of git`_.
- Configure git with your `username`_ and `email`_::
git config --global user.name 'your name'
git config --global user.email 'your email'
- Try to follow `PEP8 <http://legacy.python.org/dev/peps/pep-0008/>`_, but you - Make sure you have a `GitHub account`_.
may ignore the line-length-limit if following it would make the code uglier. - Fork Flask to your GitHub account by clicking the `Fork`_ button.
- `Clone`_ your GitHub fork locally::
git clone https://github.com/{username}/flask
cd flask
Running the testsuite - Add the main repository as a remote to update later::
---------------------
You probably want to set up a `virtualenv git remote add pallets https://github.com/pallets/flask
<https://virtualenv.readthedocs.io/en/latest/index.html>`_. git fetch pallets
The minimal requirement for running the testsuite is ``py.test``. You can - Create a virtualenv::
install it with::
pip install pytest python3 -m venv env
. env/bin/activate
# or "env\Scripts\activate" on Windows
Clone this repository:: - Install Flask in editable mode with development dependencies::
git clone https://github.com/pallets/flask.git pip install -e ".[dev]"
Install Flask as an editable package using the current source:: .. _GitHub account: https://github.com/join
.. _latest version of git: https://git-scm.com/downloads
.. _username: https://help.github.com/articles/setting-your-username-in-git/
.. _email: https://help.github.com/articles/setting-your-email-in-git/
.. _Fork: https://github.com/pallets/flask/pull/2305#fork-destination-box
.. _Clone: https://help.github.com/articles/fork-a-repo/#step-2-create-a-local-clone-of-your-fork
cd flask Start coding
pip install --editable . ~~~~~~~~~~~~
Then you can run the testsuite with:: - Create a branch to identify the issue you would like to work on (e.g.
``2287-dry-test-suite``)
- Using your favorite editor, make your changes, `committing as you go`_.
- Try to follow `PEP8`_, but you may ignore the line length limit if following
it would make the code uglier.
- Include tests that cover any code changes you make. Make sure the test fails
without your patch. `Run the tests. <contributing-testsuite_>`_.
- Push your commits to GitHub and `create a pull request`_.
- Celebrate 🎉
py.test .. _committing as you go: http://dont-be-afraid-to-commit.readthedocs.io/en/latest/git/commandlinegit.html#commit-your-changes
.. _PEP8: https://pep8.org/
.. _create a pull request: https://help.github.com/articles/creating-a-pull-request/
With only py.test installed, a large part of the testsuite will get skipped .. _contributing-testsuite:
though. Whether this is relevant depends on which part of Flask you're working
on. Travis is set up to run the full testsuite when you submit your pull
request anyways.
If you really want to test everything, you will have to install ``tox`` instead Running the tests
of ``pytest``. You can install it with:: ~~~~~~~~~~~~~~~~~
pip install tox Run the basic test suite with::
The ``tox`` command will then run all tests against multiple combinations pytest
Python versions and dependency versions.
This only runs the tests for the current environment. Whether this is relevant
depends on which part of Flask you're working on. Travis-CI will run the full
suite when you submit your pull request.
The full test suite takes a long time to run because it tests multiple
combinations of Python and dependencies. You need to have Python 2.7, 3.4,
3.5 3.6, and PyPy 2.7 installed to run all of the environments. Then run::
tox
Running test coverage Running test coverage
--------------------- ~~~~~~~~~~~~~~~~~~~~~
Generating a report of lines that do not have unit test coverage can indicate where
to start contributing. ``pytest`` integrates with ``coverage.py``, using the ``pytest-cov``
plugin. This assumes you have already run the testsuite (see previous section)::
pip install pytest-cov Generating a report of lines that do not have test coverage can indicate
where to start contributing. Run ``pytest`` using ``coverage`` and generate a
report on the terminal and as an interactive HTML document::
After this has been installed, you can output a report to the command line using this command:: coverage run -m pytest
coverage report
coverage html
# then open htmlcov/index.html
py.test --cov=flask tests/ Read more about `coverage <https://coverage.readthedocs.io>`_.
Generate a HTML report can be done using this command:: Running the full test suite with ``tox`` will combine the coverage reports
from all runs.
py.test --cov-report html --cov=flask tests/ ``make`` targets
~~~~~~~~~~~~~~~~
Full docs on ``coverage.py`` are here: https://coverage.readthedocs.io Flask provides a ``Makefile`` with various shortcuts. They will ensure that
all dependencies are installed.
Caution - ``make test`` runs the basic test suite with ``pytest``
======= - ``make cov`` runs the basic test suite with ``coverage``
pushing - ``make test-all`` runs the full test suite with ``tox``
------- - ``make docs`` builds the HTML documentation
This repository contains several zero-padded file modes that may cause issues when pushing this repository to git hosts other than github. Fixing this is destructive to the commit history, so we suggest ignoring these warnings. If it fails to push and you're using a self-hosted git service like Gitlab, you can turn off repository checks in the admin panel.
Caution: zero-padded file modes
-------------------------------
cloning This repository contains several zero-padded file modes that may cause issues
------- when pushing this repository to git hosts other than GitHub. Fixing this is
The zero-padded file modes files above can cause issues while cloning, too. If you have destructive to the commit history, so we suggest ignoring these warnings. If it
fails to push and you're using a self-hosted git service like GitLab, you can
turn off repository checks in the admin panel.
:: These files can also cause issues while cloning. If you have ::
[fetch] [fetch]
fsckobjects = true fsckobjects = true
or or ::
::
[receive] [receive]
fsckObjects = true fsckObjects = true
set in your git configuration file, cloning this repository will fail. The only
set in your git configuration file, cloning this repository will fail. The only solution is to set both of the above settings to false while cloning, and then setting them back to true after the cloning is finished. solution is to set both of the above settings to false while cloning, and then
setting them back to true after the cloning is finished.

2
MANIFEST.in

@ -1,4 +1,4 @@
include Makefile CHANGES LICENSE AUTHORS include Makefile CHANGES LICENSE AUTHORS tox.ini
graft artwork graft artwork
graft tests graft tests

33
Makefile

@ -1,23 +1,35 @@
.PHONY: clean-pyc ext-test test tox-test test-with-mem upload-docs docs audit .PHONY: all install-dev test coverage cov test-all tox docs audit release clean-pyc upload-docs ebook
all: clean-pyc test all: test
test: install-dev:
pip install -r test-requirements.txt -q pip install -q -e .[dev]
FLASK_DEBUG= py.test tests examples
tox-test: test: clean-pyc install-dev
pytest
coverage: clean-pyc install-dev
pip install -q -e .[test]
coverage run -m pytest
coverage report
coverage html
cov: coverage
test-all: install-dev
tox tox
tox: test-all
docs: clean-pyc install-dev
$(MAKE) -C docs html
audit: audit:
python setup.py audit python setup.py audit
release: release:
python scripts/make-release.py python scripts/make-release.py
ext-test:
python tests/flaskext_test.py --browse
clean-pyc: clean-pyc:
find . -name '*.pyc' -exec rm -f {} + find . -name '*.pyc' -exec rm -f {} +
find . -name '*.pyo' -exec rm -f {} + find . -name '*.pyo' -exec rm -f {} +
@ -39,6 +51,3 @@ ebook:
@echo 'Requires X-forwarding for Qt features used in conversion (ssh -X).' @echo 'Requires X-forwarding for Qt features used in conversion (ssh -X).'
@echo 'Do not mind "Invalid value for ..." CSS errors if .mobi renders.' @echo 'Do not mind "Invalid value for ..." CSS errors if .mobi renders.'
ssh -X pocoo.org ebook-convert /var/www/flask.pocoo.org/docs/flask-docs.epub /var/www/flask.pocoo.org/docs/flask-docs.mobi --cover http://flask.pocoo.org/docs/_images/logo-full.png --authors 'Armin Ronacher' ssh -X pocoo.org ebook-convert /var/www/flask.pocoo.org/docs/flask-docs.epub /var/www/flask.pocoo.org/docs/flask-docs.mobi --cover http://flask.pocoo.org/docs/_images/logo-full.png --authors 'Armin Ronacher'
docs:
$(MAKE) -C docs html

4
README

@ -33,9 +33,9 @@
Good that you're asking. The tests are in the Good that you're asking. The tests are in the
tests/ folder. To run the tests use the tests/ folder. To run the tests use the
`py.test` testing tool: `pytest` testing tool:
$ py.test $ pytest
Details on contributing can be found in CONTRIBUTING.rst Details on contributing can be found in CONTRIBUTING.rst

BIN
docs/_static/debugger.png vendored

Binary file not shown.

Before

Width:  |  Height:  |  Size: 121 KiB

After

Width:  |  Height:  |  Size: 203 KiB

BIN
docs/_static/flask.png vendored

Binary file not shown.

Before

Width:  |  Height:  |  Size: 9.7 KiB

After

Width:  |  Height:  |  Size: 6.8 KiB

BIN
docs/_static/flaskr.png vendored

Binary file not shown.

Before

Width:  |  Height:  |  Size: 52 KiB

After

Width:  |  Height:  |  Size: 65 KiB

BIN
docs/_static/logo-full.png vendored

Binary file not shown.

Before

Width:  |  Height:  |  Size: 20 KiB

After

Width:  |  Height:  |  Size: 14 KiB

BIN
docs/_static/no.png vendored

Binary file not shown.

Before

Width:  |  Height:  |  Size: 317 B

After

Width:  |  Height:  |  Size: 259 B

BIN
docs/_static/pycharm-runconfig.png vendored

Binary file not shown.

After

Width:  |  Height:  |  Size: 17 KiB

BIN
docs/_static/touch-icon.png vendored

Binary file not shown.

Before

Width:  |  Height:  |  Size: 3.5 KiB

After

Width:  |  Height:  |  Size: 1.3 KiB

BIN
docs/_static/yes.png vendored

Binary file not shown.

Before

Width:  |  Height:  |  Size: 277 B

After

Width:  |  Height:  |  Size: 241 B

8
docs/_templates/sidebarintro.html vendored

@ -1,6 +1,6 @@
<h3>About Flask</h3> <h3>About Flask</h3>
<p> <p>
Flask is a micro webdevelopment framework for Python. You are currently Flask is a micro web development framework for Python. You are currently
looking at the documentation of the development version. looking at the documentation of the development version.
</p> </p>
<h3>Other Formats</h3> <h3>Other Formats</h3>
@ -16,7 +16,7 @@
<h3>Useful Links</h3> <h3>Useful Links</h3>
<ul> <ul>
<li><a href="http://flask.pocoo.org/">The Flask Website</a></li> <li><a href="http://flask.pocoo.org/">The Flask Website</a></li>
<li><a href="http://pypi.python.org/pypi/Flask">Flask @ PyPI</a></li> <li><a href="https://pypi.python.org/pypi/Flask">Flask @ PyPI</a></li>
<li><a href="http://github.com/pallets/flask">Flask @ GitHub</a></li> <li><a href="https://github.com/pallets/flask">Flask @ GitHub</a></li>
<li><a href="http://github.com/pallets/flask/issues">Issue Tracker</a></li> <li><a href="https://github.com/pallets/flask/issues">Issue Tracker</a></li>
</ul> </ul>

1
docs/_themes

@ -1 +0,0 @@
Subproject commit 3d964b660442e23faedf801caed6e3c7bd42d5c9

8
docs/advanced_foreword.rst

@ -45,11 +45,3 @@ spam, links to malicious software, and the like.
Flask is no different from any other framework in that you the developer must Flask is no different from any other framework in that you the developer must
build with caution, watching for exploits when building to your requirements. build with caution, watching for exploits when building to your requirements.
Python 3 Support in Flask
-------------------------
Flask, its dependencies, and most Flask extensions all support Python 3.
If you want to use Flask with Python 3 have a look at the :ref:`python3-support` page.
Continue to :ref:`installation` or the :ref:`quickstart`.

91
docs/api.rst

@ -30,61 +30,12 @@ Incoming Request Data
.. autoclass:: Request .. autoclass:: Request
:members: :members:
:inherited-members:
.. attribute:: form
A :class:`~werkzeug.datastructures.MultiDict` with the parsed form data from ``POST``
or ``PUT`` requests. Please keep in mind that file uploads will not
end up here, but instead in the :attr:`files` attribute.
.. attribute:: args
A :class:`~werkzeug.datastructures.MultiDict` with the parsed contents of the query
string. (The part in the URL after the question mark).
.. attribute:: values
A :class:`~werkzeug.datastructures.CombinedMultiDict` with the contents of both
:attr:`form` and :attr:`args`.
.. attribute:: cookies
A :class:`dict` with the contents of all cookies transmitted with
the request.
.. attribute:: stream
If the incoming form data was not encoded with a known mimetype
the data is stored unmodified in this stream for consumption. Most
of the time it is a better idea to use :attr:`data` which will give
you that data as a string. The stream only returns the data once.
.. attribute:: headers
The incoming request headers as a dictionary like object.
.. attribute:: data
Contains the incoming request data as string in case it came with
a mimetype Flask does not handle.
.. attribute:: files
A :class:`~werkzeug.datastructures.MultiDict` with files uploaded as part of a
``POST`` or ``PUT`` request. Each file is stored as
:class:`~werkzeug.datastructures.FileStorage` object. It basically behaves like a
standard file object you know from Python, with the difference that
it also has a :meth:`~werkzeug.datastructures.FileStorage.save` function that can
store the file on the filesystem.
.. attribute:: environ .. attribute:: environ
The underlying WSGI environment. The underlying WSGI environment.
.. attribute:: method
The current request method (``POST``, ``GET`` etc.)
.. attribute:: path .. attribute:: path
.. attribute:: full_path .. attribute:: full_path
.. attribute:: script_root .. attribute:: script_root
@ -114,15 +65,8 @@ Incoming Request Data
`url_root` ``u'http://www.example.com/myapplication/'`` `url_root` ``u'http://www.example.com/myapplication/'``
============= ====================================================== ============= ======================================================
.. attribute:: is_xhr
``True`` if the request was triggered via a JavaScript .. attribute:: request
`XMLHttpRequest`. This only works with libraries that support the
``X-Requested-With`` header and set it to `XMLHttpRequest`.
Libraries that do that are prototype, jQuery and Mochikit and
probably some more.
.. class:: request
To access incoming request data, you can use the global `request` To access incoming request data, you can use the global `request`
object. Flask parses incoming request data for you and gives you object. Flask parses incoming request data for you and gives you
@ -141,7 +85,7 @@ Response Objects
---------------- ----------------
.. autoclass:: flask.Response .. autoclass:: flask.Response
:members: set_cookie, data, mimetype :members: set_cookie, data, mimetype, is_json, get_json
.. attribute:: headers .. attribute:: headers
@ -159,12 +103,12 @@ Response Objects
Sessions Sessions
-------- --------
If you have the :attr:`Flask.secret_key` set you can use sessions in Flask If you have set :attr:`Flask.secret_key` (or configured it from
applications. A session basically makes it possible to remember :data:`SECRET_KEY`) you can use sessions in Flask applications. A session makes
information from one request to another. The way Flask does this is by it possible to remember information from one request to another. The way Flask
using a signed cookie. So the user can look at the session contents, but does this is by using a signed cookie. The user can look at the session
not modify it unless they know the secret key, so make sure to set that contents, but can't modify it unless they know the secret key, so make sure to
to something complex and unguessable. set that to something complex and unguessable.
To access the current session you can use the :class:`session` object: To access the current session you can use the :class:`session` object:
@ -227,18 +171,6 @@ implementation that Flask is using.
.. autoclass:: SessionMixin .. autoclass:: SessionMixin
:members: :members:
.. autodata:: session_json_serializer
This object provides dumping and loading methods similar to simplejson
but it also tags certain builtin Python objects that commonly appear in
sessions. Currently the following extended values are supported in
the JSON it dumps:
- :class:`~markupsafe.Markup` objects
- :class:`~uuid.UUID` objects
- :class:`~datetime.datetime` objects
- :class:`tuple`\s
.. admonition:: Notice .. admonition:: Notice
The ``PERMANENT_SESSION_LIFETIME`` config key can also be an integer The ``PERMANENT_SESSION_LIFETIME`` config key can also be an integer
@ -410,6 +342,8 @@ you are using Flask 0.10 which implies that:
.. autoclass:: JSONDecoder .. autoclass:: JSONDecoder
:members: :members:
.. automodule:: flask.json.tag
Template Rendering Template Rendering
------------------ ------------------
@ -705,6 +639,7 @@ The following signals exist in Flask:
.. _blinker: https://pypi.python.org/pypi/blinker .. _blinker: https://pypi.python.org/pypi/blinker
.. _class-based-views:
Class-Based Views Class-Based Views
----------------- -----------------
@ -879,6 +814,8 @@ Command Line Interface
.. autoclass:: ScriptInfo .. autoclass:: ScriptInfo
:members: :members:
.. autofunction:: load_dotenv
.. autofunction:: with_appcontext .. autofunction:: with_appcontext
.. autofunction:: pass_script_info .. autofunction:: pass_script_info

56
docs/appcontext.rst

@ -5,31 +5,37 @@ The Application Context
.. versionadded:: 0.9 .. versionadded:: 0.9
One of the design ideas behind Flask is that there are two different One of the design ideas behind Flask is that there are at least two
“states” in which code is executed. The application setup state in which different “states” in which code is executed:
the application implicitly is on the module level. It starts when the
:class:`Flask` object is instantiated, and it implicitly ends when the 1. The application setup state, in which the application implicitly is
first request comes in. While the application is in this state a few on the module level.
assumptions are true:
This state starts when the :class:`Flask` object is instantiated, and
- the programmer can modify the application object safely. it implicitly ends when the first request comes in. While the
- no request handling happened so far application is in this state, a few assumptions are true:
- you have to have a reference to the application object in order to
modify it, there is no magic proxy that can give you a reference to - the programmer can modify the application object safely.
the application object you're currently creating or modifying. - no request handling happened so far
- you have to have a reference to the application object in order to
In contrast, during request handling, a couple of other rules exist: modify it, there is no magic proxy that can give you a reference to
the application object you're currently creating or modifying.
- while a request is active, the context local objects
(:data:`flask.request` and others) point to the current request. 2. In contrast, in the request handling state, a couple of other rules
- any code can get hold of these objects at any time. exist:
There is a third state which is sitting in between a little bit. - while a request is active, the context local objects
Sometimes you are dealing with an application in a way that is similar to (:data:`flask.request` and others) point to the current request.
how you interact with applications during request handling; just that there - any code can get hold of these objects at any time.
is no request active. Consider, for instance, that you're sitting in an
interactive Python shell and interacting with the application, or a 3. There is also a third state somewhere in between 'module-level' and
command line application. 'request-handling':
Sometimes you are dealing with an application in a way that is similar to
how you interact with applications during request handling, but without
there being an active request. Consider, for instance, that you're
sitting in an interactive Python shell and interacting with the
application, or a command line application.
The application context is what powers the :data:`~flask.current_app` The application context is what powers the :data:`~flask.current_app`
context local. context local.

18
docs/blueprints.rst

@ -245,4 +245,22 @@ Here is an example for a "404 Page Not Found" exception::
def page_not_found(e): def page_not_found(e):
return render_template('pages/404.html') return render_template('pages/404.html')
Most errorhandlers will simply work as expected; however, there is a caveat
concerning handlers for 404 and 405 exceptions. These errorhandlers are only
invoked from an appropriate ``raise`` statement or a call to ``abort`` in another
of the blueprint's view functions; they are not invoked by, e.g., an invalid URL
access. This is because the blueprint does not "own" a certain URL space, so
the application instance has no way of knowing which blueprint errorhandler it
should run if given an invalid URL. If you would like to execute different
handling strategies for these errors based on URL prefixes, they may be defined
at the application level using the ``request`` proxy object::
@app.errorhandler(404)
@app.errorhandler(405)
def _handle_api_error(ex):
if request.path.startswith('/api/'):
return jsonify_error(ex)
else:
return ex
More information on error handling see :ref:`errorpages`. More information on error handling see :ref:`errorpages`.

2
docs/changelog.rst

@ -1 +1 @@
.. include:: ../CHANGES .. include:: ../CHANGES.rst

522
docs/cli.rst

@ -1,89 +1,216 @@
.. currentmodule:: flask
.. _cli: .. _cli:
Command Line Interface Command Line Interface
====================== ======================
.. versionadded:: 0.11 Installing Flask installs the ``flask`` script, a `Click`_ command line
interface, in your virtualenv. Executed from the terminal, this script gives
access to built-in, extension, and application-defined commands. The ``--help``
option will give more information about any commands and options.
.. currentmodule:: flask .. _Click: http://click.pocoo.org/
One of the nice new features in Flask 0.11 is the built-in integration of
the `click <http://click.pocoo.org/>`_ command line interface. This
enables a wide range of new features for the Flask ecosystem and your own
applications.
Basic Usage Application Discovery
----------- ---------------------
After installation of Flask you will now find a :command:`flask` script The ``flask`` command is installed by Flask, not your application; it must be
installed into your virtualenv. If you don't want to install Flask or you told where to find your application in order to use it. The ``FLASK_APP``
have a special use-case you can also use ``python -m flask`` to accomplish environment variable is used to specify how to load the application.
exactly the same.
The way this script works is by providing access to all the commands on Unix Bash (Linux, Mac, etc.)::
your Flask application's :attr:`Flask.cli` instance as well as some
built-in commands that are always there. Flask extensions can also
register more commands there if they desire so.
For the :command:`flask` script to work, an application needs to be $ export FLASK_APP=hello
discovered. This is achieved by exporting the ``FLASK_APP`` environment $ flask run
variable. It can be either set to an import path or to a filename of a
Python module that contains a Flask application.
In that imported file the name of the app needs to be called ``app`` or Windows CMD::
optionally be specified after a colon. For instance
``mymodule:application`` would tell it to use the `application` object in
the :file:`mymodule.py` file.
Given a :file:`hello.py` file with the application in it named ``app`` > set FLASK_APP=hello
this is how it can be run. > flask run
Environment variables (On Windows use ``set`` instead of ``export``):: Windows PowerShell::
export FLASK_APP=hello > $env:FLASK_APP = "hello"
flask run > flask run
While ``FLASK_APP`` supports a variety of options for specifying your
application, most use cases should be simple. Here are the typical values:
(nothing)
The file :file:`wsgi.py` is imported, automatically detecting an app
(``app``). This provides an easy way to create an app from a factory with
extra arguments.
``FLASK_APP=hello``
The name is imported, automatically detecting an app (``app``) or factory
(``create_app``).
----
``FLASK_APP`` has three parts: an optional path that sets the current working
directory, a Python file or dotted import path, and an optional variable
name of the instance or factory. If the name is a factory, it can optionally
be followed by arguments in parentheses. The following values demonstrate these
parts:
``FLASK_APP=src/hello``
Sets the current working directory to ``src`` then imports ``hello``.
``FLASK_APP=hello.web``
Imports the path ``hello.web``.
``FLASK_APP=hello:app2``
Uses the ``app2`` Flask instance in ``hello``.
``FLASK_APP="hello:create_app('dev')"``
The ``create_app`` factory in ``hello`` is called with the string ``'dev'``
as the argument.
If ``FLASK_APP`` is not set, the command will look for a file called
:file:`wsgi.py` or :file:`app.py` and try to detect an application instance or
factory.
Within the given import, the command looks for an application instance named
``app`` or ``application``, then any application instance. If no instance is
found, the command looks for a factory function named ``create_app`` or
``make_app`` that returns an instance.
When calling an application factory, if the factory takes an argument named
``info``, then the :class:`~cli.ScriptInfo` instance is passed as a keyword
argument. If parentheses follow the factory name, their contents are parsed
as Python literals and passes as arguments to the function. This means that
strings must still be in quotes.
Run the Development Server
--------------------------
The :func:`run <cli.run_command>` command will start the development server. It
replaces the :meth:`Flask.run` method in most cases. ::
$ flask run
* Serving Flask app "hello"
* Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)
.. warning:: Do not use this command to run your application in production.
Only use the development server during development. The development server
is provided for convenience, but is not designed to be particularly secure,
stable, or efficient. See :ref:`deployment` for how to run in production.
Open a Shell
------------
To explore the data in your application, you can start an interactive Python
shell with the :func:`shell <cli.shell_command>` command. An application
context will be active, and the app instance will be imported. ::
$ flask shell
Python 3.6.2 (default, Jul 20 2017, 03:52:27)
[GCC 7.1.1 20170630] on linux
App: example
Instance: /home/user/Projects/hello/instance
>>>
Use :meth:`~Flask.shell_context_processor` to add other automatic imports.
Or with a filename::
export FLASK_APP=/path/to/hello.py Environments
flask run ------------
Virtualenv Integration .. versionadded:: 1.0
----------------------
If you are constantly working with a virtualenv you can also put the The environment in which the Flask app runs is set by the
``export FLASK_APP`` into your ``activate`` script by adding it to the :envvar:`FLASK_ENV` environment variable. If not set it defaults to
bottom of the file. That way every time you activate your virtualenv you ``production``. The other recognized environment is ``development``.
automatically also activate the correct application name. Flask and extensions may choose to enable behaviors based on the
environment.
Debug Flag If the env is set to ``development``, the ``flask`` command will enable
debug mode and ``flask run`` will enable the interactive debugger and
reloader.
::
$ FLASK_ENV=development flask run
* Serving Flask app "hello"
* Environment: development
* Debug mode: on
* Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)
* Restarting with inotify reloader
* Debugger is active!
* Debugger PIN: 223-456-919
Debug Mode
---------- ----------
The :command:`flask` script can also be instructed to enable the debug Debug mode will be enabled when :envvar:`FLASK_ENV` is ``development``,
mode of the application automatically by exporting ``FLASK_DEBUG``. If as described above. If you want to control debug mode separately, use
set to ``1`` debug is enabled or ``0`` disables it:: :envvar:`FLASK_DEBUG`. The value ``1`` enables it, ``0`` disables it.
export FLASK_DEBUG=1
Running a Shell .. _dotenv:
---------------
Environment Variables From dotenv
---------------------------------
Rather than setting ``FLASK_APP`` each time you open a new terminal, you can
use Flask's dotenv support to set environment variables automatically.
If `python-dotenv`_ is installed, running the ``flask`` command will set
environment variables defined in the files :file:`.env` and :file:`.flaskenv`.
This can be used to avoid having to set ``FLASK_APP`` manually every time you
open a new terminal, and to set configuration using environment variables
similar to how some deployment services work.
Variables set on the command line are used over those set in :file:`.env`,
which are used over those set in :file:`.flaskenv`. :file:`.flaskenv` should be
used for public variables, such as ``FLASK_APP``, while :file:`.env` should not
be committed to your repository so that it can set private variables.
Directories are scanned upwards from the directory you call ``flask``
from to locate the files. The current working directory will be set to the
location of the file, with the assumption that that is the top level project
directory.
The files are only loaded by the ``flask`` command or calling
:meth:`~Flask.run`. If you would like to load these files when running in
production, you should call :func:`~cli.load_dotenv` manually.
.. _python-dotenv: https://github.com/theskumar/python-dotenv#readme
To run an interactive Python shell you can use the ``shell`` command:: Environment Variables From virtualenv
-------------------------------------
flask shell If you do not want to install dotenv support, you can still set environment
variables by adding them to the end of the virtualenv's :file:`activate`
script. Activating the virtualenv will set the variables.
Unix Bash, :file:`venv/bin/activate`::
export FLASK_APP=hello
Windows CMD, :file:`venv\\Scripts\\activate.bat`::
set FLASK_APP=hello
It is preferred to use dotenv support over this, since :file:`.flaskenv` can be
committed to the repository so that it works automatically wherever the project
is checked out.
This will start up an interactive Python shell, setup the correct
application context and setup the local variables in the shell. This is
done by invoking the :meth:`Flask.make_shell_context` method of the
application. By default you have access to your ``app`` and :data:`g`.
Custom Commands Custom Commands
--------------- ---------------
If you want to add more commands to the shell script you can do this The ``flask`` command is implemented using `Click`_. See that project's
easily. Flask uses `click`_ for the command interface which makes documentation for full information about writing commands.
creating custom commands very easy. For instance if you want a shell
command to initialize the database you can do this:: This example adds the command ``create_user`` that takes the argument
``name``. ::
import click import click
from flask import Flask from flask import Flask
@ -91,158 +218,207 @@ command to initialize the database you can do this::
app = Flask(__name__) app = Flask(__name__)
@app.cli.command() @app.cli.command()
def initdb(): @click.argument('name')
"""Initialize the database.""" def create_user(name):
click.echo('Init the db') ...
::
flask create_user admin
This example adds the same command, but as ``user create``, a command in a
group. This is useful if you want to organize multiple related commands. ::
import click
from flask import Flask
from flask.cli import AppGroup
app = Flask(__name__)
user_cli = AppGroup('user')
@user_cli.command('create')
@click.argument('name')
def create_user(name):
...
app.cli.add_command(user_cli)
::
The command will then show up on the command line:: flask user create demo
See :ref:`testing-cli` for an overview of how to test your custom
commands.
$ flask initdb
Init the db
Application Context Application Context
------------------- ~~~~~~~~~~~~~~~~~~~
Commands added using the Flask app's :attr:`~Flask.cli`
:meth:`~cli.AppGroup.command` decorator will be executed with an application
context pushed, so your command and extensions have access to the app and its
configuration. If you create a command using the Click :func:`~click.command`
decorator instead of the Flask decorator, you can use
:func:`~cli.with_appcontext` to get the same behavior. ::
import click
from flask.cli import with_appcontext
@click.command
@with_appcontext
def do_work():
...
Most commands operate on the application so it makes a lot of sense if app.cli.add_command(do_work)
they have the application context setup. Because of this, if you register
a callback on ``app.cli`` with the :meth:`~flask.cli.AppGroup.command` the
callback will automatically be wrapped through :func:`cli.with_appcontext`
which informs the cli system to ensure that an application context is set
up. This behavior is not available if a command is added later with
:func:`~click.Group.add_command` or through other means.
It can also be disabled by passing ``with_appcontext=False`` to the If you're sure a command doesn't need the context, you can disable it::
decorator::
@app.cli.command(with_appcontext=False) @app.cli.command(with_appcontext=False)
def example(): def do_work():
pass ...
Factory Functions
-----------------
In case you are using factory functions to create your application (see Plugins
:ref:`app-factories`) you will discover that the :command:`flask` command -------
cannot work with them directly. Flask won't be able to figure out how to
instantiate your application properly by itself. Because of this reason
the recommendation is to create a separate file that instantiates
applications. This is not the only way to make this work. Another is the
:ref:`custom-scripts` support.
For instance if you have a factory function that creates an application Flask will automatically load commands specified in the ``flask.commands``
from a filename you could make a separate file that creates such an `entry point`_. This is useful for extensions that want to add commands when
application from an environment variable. they are installed. Entry points are specified in :file:`setup.py` ::
from setuptools import setup
This could be a file named :file:`autoapp.py` with these contents:: setup(
name='flask-my-extension',
...,
entry_points={
'flask.commands': [
'my-command=flask_my_extension.commands:cli'
],
},
)
import os
from yourapplication import create_app
app = create_app(os.environ['YOURAPPLICATION_CONFIG'])
Once this has happened you can make the flask command automatically pick .. _entry point: https://packaging.python.org/tutorials/distributing-packages/#entry-points
it up::
Inside :file:`flask_my_extension/commands.py` you can then export a Click
object::
import click
@click.command()
def cli():
...
export YOURAPPLICATION_CONFIG=/path/to/config.cfg Once that package is installed in the same virtualenv as your Flask project,
export FLASK_APP=/path/to/autoapp.py you can run ``flask my-command`` to invoke the command.
From this point onwards :command:`flask` will find your application.
.. _custom-scripts: .. _custom-scripts:
Custom Scripts Custom Scripts
-------------- --------------
While the most common way is to use the :command:`flask` command, you can When you are using the app factory pattern, it may be more convenient to define
also make your own "driver scripts". Since Flask uses click for the your own Click script. Instead of using ``FLASK_APP`` and letting Flask load
scripts there is no reason you cannot hook these scripts into any click your application, you can create your own Click object and export it as a
application. There is one big caveat and that is, that commands `console script`_ entry point.
registered to :attr:`Flask.cli` will expect to be (indirectly at least)
launched from a :class:`flask.cli.FlaskGroup` click group. This is Create an instance of :class:`~cli.FlaskGroup` and pass it the factory::
necessary so that the commands know which Flask application they have to
work with.
To understand why you might want custom scripts you need to understand how
click finds and executes the Flask application. If you use the
:command:`flask` script you specify the application to work with on the
command line or environment variable as an import name. This is simple
but it has some limitations. Primarily it does not work with application
factory functions (see :ref:`app-factories`).
With a custom script you don't have this problem as you can fully
customize how the application will be created. This is very useful if you
write reusable applications that you want to ship to users and they should
be presented with a custom management script.
To explain all of this, here is an example :file:`manage.py` script that
manages a hypothetical wiki application. We will go through the details
afterwards::
import os
import click import click
from flask import Flask
from flask.cli import FlaskGroup from flask.cli import FlaskGroup
def create_wiki_app(info): def create_app():
from yourwiki import create_app app = Flask('wiki')
return create_app( # other setup
config=os.environ.get('WIKI_CONFIG', 'wikiconfig.py')) return app
@click.group(cls=FlaskGroup, create_app=create_wiki_app) @click.group(cls=FlaskGroup, create_app=create_app)
def cli(): def cli():
"""This is a management script for the wiki application.""" """Management script for the Wiki application."""
if __name__ == '__main__': Define the entry point in :file:`setup.py`::
cli()
That's a lot of code for not much, so let's go through all parts step by
step.
1. First we import the ``click`` library as well as the click extensions
from the ``flask.cli`` package. Primarily we are here interested
in the :class:`~flask.cli.FlaskGroup` click group.
2. The next thing we do is defining a function that is invoked with the
script info object (:class:`~flask.cli.ScriptInfo`) from Flask and its
purpose is to fully import and create the application. This can
either directly import an application object or create it (see
:ref:`app-factories`). In this case we load the config from an
environment variable.
3. Next step is to create a :class:`FlaskGroup`. In this case we just
make an empty function with a help doc string that just does nothing
and then pass the ``create_wiki_app`` function as a factory function.
Whenever click now needs to operate on a Flask application it will
call that function with the script info and ask for it to be created.
4. All is rounded up by invoking the script.
CLI Plugins
-----------
Flask extensions can always patch the :attr:`Flask.cli` instance with more
commands if they want. However there is a second way to add CLI plugins
to Flask which is through ``setuptools``. If you make a Python package that
should export a Flask command line plugin you can ship a :file:`setup.py` file
that declares an entrypoint that points to a click command:
Example :file:`setup.py`::
from setuptools import setup from setuptools import setup
setup( setup(
name='flask-my-extension', name='flask-my-extension',
... ...,
entry_points=''' entry_points={
[flask.commands] 'console_scripts': [
my-command=mypackage.commands:cli 'wiki=wiki:cli'
''', ],
},
) )
Inside :file:`mypackage/commands.py` you can then export a Click object:: Install the application in the virtualenv in editable mode and the custom
script is available. Note that you don't need to set ``FLASK_APP``. ::
import click $ pip install -e .
$ wiki run
@click.command() .. admonition:: Errors in Custom Scripts
def cli():
"""This is an example command.""" When using a custom script, if you introduce an error in your
module-level code, the reloader will fail because it can no longer
load the entry point.
The ``flask`` command, being separate from your code, does not have
this issue and is recommended in most cases.
.. _console script: https://packaging.python.org/tutorials/distributing-packages/#console-scripts
PyCharm Integration
-------------------
Prior to PyCharm 2018.1, the Flask CLI features weren't yet fully
integrated into PyCharm. We have to do a few tweaks to get them working
smoothly. These instructions should be similar for any other IDE you
might want to use.
In PyCharm, with your project open, click on *Run* from the menu bar and
go to *Edit Configurations*. You'll be greeted by a screen similar to
this:
.. image:: _static/pycharm-runconfig.png
:align: center
:class: screenshot
:alt: screenshot of pycharm's run configuration settings
There's quite a few options to change, but once we've done it for one
command, we can easily copy the entire configuration and make a single
tweak to give us access to other commands, including any custom ones you
may implement yourself.
Click the + (*Add New Configuration*) button and select *Python*. Give
the configuration a good descriptive name such as "Run Flask Server".
For the ``flask run`` command, check "Single instance only" since you
can't run the server more than once at the same time.
Select *Module name* from the dropdown (**A**) then input ``flask``.
The *Parameters* field (**B**) is set to the CLI command to execute
(with any arguments). In this example we use ``run``, which will run
the development server.
You can skip this next step if you're using :ref:`dotenv`. We need to
add an environment variable (**C**) to identify our application. Click
on the browse button and add an entry with ``FLASK_APP`` on the left and
the Python import or file on the right (``hello`` for example).
Next we need to set the working directory (**D**) to be the folder where
our application resides.
If you have installed your project as a package in your virtualenv, you
may untick the *PYTHONPATH* options (**E**). This will more accurately
match how you deploy the app later.
Click *Apply* to save the configuration, or *OK* to save and close the
window. Select the configuration in the main PyCharm window and click
the play button next to it to run the server.
Once that package is installed in the same virtualenv as Flask itself you Now that we have a configuration which runs ``flask run`` from within
can run ``flask my-command`` to invoke your command. This is useful to PyCharm, we can copy that configuration and alter the *Script* argument
provide extra functionality that Flask itself cannot ship. to run a different CLI command, e.g. ``flask shell``.

43
docs/conf.py

@ -11,15 +11,17 @@
# All configuration values have a default; values that are commented out # All configuration values have a default; values that are commented out
# serve to show the default. # serve to show the default.
from __future__ import print_function from __future__ import print_function
from datetime import datetime
import os import os
import sys import sys
import pkg_resources import pkg_resources
import time
import datetime
BUILD_DATE = datetime.datetime.utcfromtimestamp(int(os.environ.get('SOURCE_DATE_EPOCH', time.time())))
# If extensions (or modules to document with autodoc) are in another directory, # If extensions (or modules to document with autodoc) are in another directory,
# add these directories to sys.path here. If the directory is relative to the # add these directories to sys.path here. If the directory is relative to the
# documentation root, use os.path.abspath to make it absolute, like shown here. # documentation root, use os.path.abspath to make it absolute, like shown here.
sys.path.append(os.path.join(os.path.dirname(__file__), '_themes'))
sys.path.append(os.path.dirname(__file__)) sys.path.append(os.path.dirname(__file__))
# -- General configuration ----------------------------------------------------- # -- General configuration -----------------------------------------------------
@ -35,6 +37,14 @@ extensions = [
'flaskdocext' 'flaskdocext'
] ]
try:
__import__('sphinxcontrib.log_cabinet')
except ImportError:
print('sphinxcontrib-log-cabinet is not installed.')
print('Changelog directives will not be re-organized.')
else:
extensions.append('sphinxcontrib.log_cabinet')
# Add any paths that contain templates here, relative to this directory. # Add any paths that contain templates here, relative to this directory.
templates_path = ['_templates'] templates_path = ['_templates']
@ -49,7 +59,7 @@ master_doc = 'index'
# General information about the project. # General information about the project.
project = u'Flask' project = u'Flask'
copyright = u'2010 - {0}, Armin Ronacher'.format(datetime.utcnow().year) copyright = u'2010 - {0}, Armin Ronacher'.format(BUILD_DATE.year)
# The version info for the project you're documenting, acts as replacement for # The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the # |version| and |release|, also used in various other places throughout the
@ -110,7 +120,7 @@ exclude_patterns = ['_build']
# html_theme_options = {} # html_theme_options = {}
# Add any paths that contain custom themes here, relative to this directory. # Add any paths that contain custom themes here, relative to this directory.
html_theme_path = ['_themes'] # html_theme_path = ['_themes']
# The name for this set of Sphinx documents. If None, it defaults to # The name for this set of Sphinx documents. If None, it defaults to
# "<project> v<release> documentation". # "<project> v<release> documentation".
@ -231,7 +241,7 @@ latex_additional_files = ['flaskstyle.sty', 'logo.pdf']
# The scheme of the identifier. Typical schemes are ISBN or URL. # The scheme of the identifier. Typical schemes are ISBN or URL.
#epub_scheme = '' #epub_scheme = ''
# The unique identifier of the text. This can be a ISBN number # The unique identifier of the text. This can be an ISBN number
# or the project homepage. # or the project homepage.
#epub_identifier = '' #epub_identifier = ''
@ -257,26 +267,15 @@ intersphinx_mapping = {
'werkzeug': ('http://werkzeug.pocoo.org/docs/', None), 'werkzeug': ('http://werkzeug.pocoo.org/docs/', None),
'click': ('http://click.pocoo.org/', None), 'click': ('http://click.pocoo.org/', None),
'jinja': ('http://jinja.pocoo.org/docs/', None), 'jinja': ('http://jinja.pocoo.org/docs/', None),
'sqlalchemy': ('http://docs.sqlalchemy.org/en/latest/', None), 'itsdangerous': ('https://pythonhosted.org/itsdangerous', None),
'sqlalchemy': ('https://docs.sqlalchemy.org/en/latest/', None),
'wtforms': ('https://wtforms.readthedocs.io/en/latest/', None), 'wtforms': ('https://wtforms.readthedocs.io/en/latest/', None),
'blinker': ('https://pythonhosted.org/blinker/', None) 'blinker': ('https://pythonhosted.org/blinker/', None),
} }
try: html_theme_options = {
__import__('flask_theme_support') 'touch_icon': 'touch-icon.png'
pygments_style = 'flask_theme_support.FlaskyStyle' }
html_theme = 'flask'
html_theme_options = {
'touch_icon': 'touch-icon.png'
}
except ImportError:
print('-' * 74)
print('Warning: Flask themes unavailable. Building with default theme')
print('If you want the Flask themes, run this command and build again:')
print()
print(' git submodule update --init')
print('-' * 74)
# unwrap decorators # unwrap decorators
def unwrap_decorators(): def unwrap_decorators():

536
docs/config.rst

@ -3,8 +3,6 @@
Configuration Handling Configuration Handling
====================== ======================
.. versionadded:: 0.3
Applications need some kind of configuration. There are different settings Applications need some kind of configuration. There are different settings
you might want to change depending on the application environment like you might want to change depending on the application environment like
toggling the debug mode, setting the secret key, and other such toggling the debug mode, setting the secret key, and other such
@ -22,6 +20,7 @@ object. This is the place where Flask itself puts certain configuration
values and also where extensions can put their configuration values. But values and also where extensions can put their configuration values. But
this is also where you can have your own configuration. this is also where you can have your own configuration.
Configuration Basics Configuration Basics
-------------------- --------------------
@ -29,193 +28,319 @@ The :attr:`~flask.Flask.config` is actually a subclass of a dictionary and
can be modified just like any dictionary:: can be modified just like any dictionary::
app = Flask(__name__) app = Flask(__name__)
app.config['DEBUG'] = True app.config['TESTING'] = True
Certain configuration values are also forwarded to the Certain configuration values are also forwarded to the
:attr:`~flask.Flask` object so you can read and write them from there:: :attr:`~flask.Flask` object so you can read and write them from there::
app.debug = True app.testing = True
To update multiple keys at once you can use the :meth:`dict.update` To update multiple keys at once you can use the :meth:`dict.update`
method:: method::
app.config.update( app.config.update(
DEBUG=True, TESTING=True,
SECRET_KEY='...' SECRET_KEY=b'_5#y2L"F4Q8z\n\xec]/'
) )
Environment and Debug Features
------------------------------
The :data:`ENV` and :data:`DEBUG` config values are special because they
may behave inconsistently if changed after the app has begun setting up.
In order to set the environment and debug mode reliably, Flask uses
environment variables.
The environment is used to indicate to Flask, extensions, and other
programs, like Sentry, what context Flask is running in. It is
controlled with the :envvar:`FLASK_ENV` environment variable and
defaults to ``production``.
Setting :envvar:`FLASK_ENV` to ``development`` will enable debug mode.
``flask run`` will use the interactive debugger and reloader by default
in debug mode. To control this separately from the environment, use the
:envvar:`FLASK_DEBUG` flag.
.. versionchanged:: 1.0
Added :envvar:`FLASK_ENV` to control the environment separately
from debug mode. The development environment enables debug mode.
To switch Flask to the development environment and enable debug mode,
set :envvar:`FLASK_ENV`::
$ export FLASK_ENV=development
$ flask run
(On Windows, use ``set`` instead of ``export``.)
Using the environment variables as described above is recommended. While
it is possible to set :data:`ENV` and :data:`DEBUG` in your config or
code, this is strongly discouraged. They can't be read early by the
``flask`` command, and some systems or extensions may have already
configured themselves based on a previous value.
Builtin Configuration Values Builtin Configuration Values
---------------------------- ----------------------------
The following configuration values are used internally by Flask: The following configuration values are used internally by Flask:
.. tabularcolumns:: |p{6.5cm}|p{8.5cm}| .. py:data:: ENV
================================= ========================================= What environment the app is running in. Flask and extensions may
``DEBUG`` enable/disable debug mode enable behaviors based on the environment, such as enabling debug
``TESTING`` enable/disable testing mode mode. The :attr:`~flask.Flask.env` attribute maps to this config
``PROPAGATE_EXCEPTIONS`` explicitly enable or disable the key. This is set by the :envvar:`FLASK_ENV` environment variable and
propagation of exceptions. If not set or may not behave as expected if set in code.
explicitly set to ``None`` this is
implicitly true if either ``TESTING`` or **Do not enable development when deploying in production.**
``DEBUG`` is true.
``PRESERVE_CONTEXT_ON_EXCEPTION`` By default if the application is in Default: ``'production'``
debug mode the request context is not
popped on exceptions to enable debuggers .. versionadded:: 1.0
to introspect the data. This can be
disabled by this key. You can also use .. py:data:: DEBUG
this setting to force-enable it for non
debug execution which might be useful to Whether debug mode is enabled. When using ``flask run`` to start the
debug production applications (but also development server, an interactive debugger will be shown for
very risky). unhandled exceptions, and the server will be reloaded when code
``SECRET_KEY`` the secret key changes. The :attr:`~flask.Flask.debug` attribute maps to this
``SESSION_COOKIE_NAME`` the name of the session cookie config key. This is enabled when :data:`ENV` is ``'development'``
``SESSION_COOKIE_DOMAIN`` the domain for the session cookie. If and is overridden by the ``FLASK_DEBUG`` environment variable. It
this is not set, the cookie will be may not behave as expected if set in code.
valid for all subdomains of
``SERVER_NAME``. **Do not enable debug mode when deploying in production.**
``SESSION_COOKIE_PATH`` the path for the session cookie. If
this is not set the cookie will be valid Default: ``True`` if :data:`ENV` is ``'production'``, or ``False``
for all of ``APPLICATION_ROOT`` or if otherwise.
that is not set for ``'/'``.
``SESSION_COOKIE_HTTPONLY`` controls if the cookie should be set .. py:data:: TESTING
with the httponly flag. Defaults to
``True``. Enable testing mode. Exceptions are propagated rather than handled by the
``SESSION_COOKIE_SECURE`` controls if the cookie should be set the app's error handlers. Extensions may also change their behavior to
with the secure flag. Defaults to facilitate easier testing. You should enable this in your own tests.
``False``.
``PERMANENT_SESSION_LIFETIME`` the lifetime of a permanent session as Default: ``False``
:class:`datetime.timedelta` object.
Starting with Flask 0.8 this can also be .. py:data:: PROPAGATE_EXCEPTIONS
an integer representing seconds.
``SESSION_REFRESH_EACH_REQUEST`` this flag controls how permanent Exceptions are re-raised rather than being handled by the app's error
sessions are refreshed. If set to ``True`` handlers. If not set, this is implicitly true if ``TESTING`` or ``DEBUG``
(which is the default) then the cookie is enabled.
is refreshed each request which
automatically bumps the lifetime. If Default: ``None``
set to ``False`` a `set-cookie` header is
only sent if the session is modified. .. py:data:: PRESERVE_CONTEXT_ON_EXCEPTION
Non permanent sessions are not affected
by this. Don't pop the request context when an exception occurs. If not set, this
``USE_X_SENDFILE`` enable/disable x-sendfile is true if ``DEBUG`` is true. This allows debuggers to introspect the
``LOGGER_NAME`` the name of the logger request data on errors, and should normally not need to be set directly.
``LOGGER_HANDLER_POLICY`` the policy of the default logging
handler. The default is ``'always'`` Default: ``None``
which means that the default logging
handler is always active. ``'debug'`` .. py:data:: TRAP_HTTP_EXCEPTIONS
will only activate logging in debug
mode, ``'production'`` will only log in If there is no handler for an ``HTTPException``-type exception, re-raise it
production and ``'never'`` disables it to be handled by the interactive debugger instead of returning it as a
entirely. simple error response.
``SERVER_NAME`` the name and port number of the server.
Required for subdomain support (e.g.: Default: ``False``
``'myapp.dev:5000'``) Note that
localhost does not support subdomains so .. py:data:: TRAP_BAD_REQUEST_ERRORS
setting this to “localhost” does not
help. Setting a ``SERVER_NAME`` also Trying to access a key that doesn't exist from request dicts like ``args``
by default enables URL generation and ``form`` will return a 400 Bad Request error page. Enable this to treat
without a request context but with an the error as an unhandled exception instead so that you get the interactive
application context. debugger. This is a more specific version of ``TRAP_HTTP_EXCEPTIONS``. If
``APPLICATION_ROOT`` If the application does not occupy unset, it is enabled in debug mode.
a whole domain or subdomain this can
be set to the path where the application Default: ``None``
is configured to live. This is for
session cookie as path value. If .. py:data:: SECRET_KEY
domains are used, this should be
``None``. A secret key that will be used for securely signing the session cookie
``MAX_CONTENT_LENGTH`` If set to a value in bytes, Flask will and can be used for any other security related needs by extensions or your
reject incoming requests with a application. It should be a long random string of bytes, although unicode
content length greater than this by is accepted too. For example, copy the output of this to your config::
returning a 413 status code.
``SEND_FILE_MAX_AGE_DEFAULT`` Default cache control max age to use with python -c 'import os; print(os.urandom(16))'
:meth:`~flask.Flask.send_static_file` (the b'_5#y2L"F4Q8z\n\xec]/'
default static file handler) and
:func:`~flask.send_file`, as **Do not reveal the secret key when posting questions or committing code.**
:class:`datetime.timedelta` or as seconds.
Override this value on a per-file Default: ``None``
basis using the
:meth:`~flask.Flask.get_send_file_max_age` .. py:data:: SESSION_COOKIE_NAME
hook on :class:`~flask.Flask` or
:class:`~flask.Blueprint`, The name of the session cookie. Can be changed in case you already have a
respectively. Defaults to 43200 (12 hours). cookie with the same name.
``TRAP_HTTP_EXCEPTIONS`` If this is set to ``True`` Flask will
not execute the error handlers of HTTP Default: ``'session'``
exceptions but instead treat the
exception like any other and bubble it .. py:data:: SESSION_COOKIE_DOMAIN
through the exception stack. This is
helpful for hairy debugging situations The domain match rule that the session cookie will be valid for. If not
where you have to find out where an HTTP set, the cookie will be valid for all subdomains of ``SERVER_NAME``. If
exception is coming from. ``False``, the cookie's domain will not be set.
``TRAP_BAD_REQUEST_ERRORS`` Werkzeug's internal data structures that
deal with request specific data will Default: ``None``
raise special key errors that are also
bad request exceptions. Likewise many .. py:data:: SESSION_COOKIE_PATH
operations can implicitly fail with a
BadRequest exception for consistency. The path that the session cookie will be valid for. If not set, the cookie
Since it's nice for debugging to know will be valid underneath ``APPLICATION_ROOT`` or ``/`` if that is not set.
why exactly it failed this flag can be
used to debug those situations. If this Default: ``None``
config is set to ``True`` you will get
a regular traceback instead. .. py:data:: SESSION_COOKIE_HTTPONLY
``PREFERRED_URL_SCHEME`` The URL scheme that should be used for
URL generation if no URL scheme is Browsers will not allow JavaScript access to cookies marked as "HTTP only"
available. This defaults to ``http``. for security.
``JSON_AS_ASCII`` By default Flask serialize object to
ascii-encoded JSON. If this is set to Default: ``True``
``False`` Flask will not encode to ASCII
and output strings as-is and return .. py:data:: SESSION_COOKIE_SECURE
unicode strings. ``jsonify`` will
automatically encode it in ``utf-8`` Browsers will only send cookies with requests over HTTPS if the cookie is
then for transport for instance. marked "secure". The application must be served over HTTPS for this to make
``JSON_SORT_KEYS`` By default Flask will serialize JSON sense.
objects in a way that the keys are
ordered. This is done in order to Default: ``False``
ensure that independent of the hash seed
of the dictionary the return value will .. py:data:: SESSION_COOKIE_SAMESITE
be consistent to not trash external HTTP
caches. You can override the default Restrict how cookies are sent with requests from external sites. Can
behavior by changing this variable. be set to ``'Lax'`` (recommended) or ``'Strict'``.
This is not recommended but might give See :ref:`security-cookie`.
you a performance improvement on the
cost of cacheability. Default: ``None``
``JSONIFY_PRETTYPRINT_REGULAR`` If this is set to ``True`` (the default)
jsonify responses will be pretty printed .. versionadded:: 1.0
if they are not requested by an
XMLHttpRequest object (controlled by .. py:data:: PERMANENT_SESSION_LIFETIME
the ``X-Requested-With`` header)
``JSONIFY_MIMETYPE`` MIME type used for jsonify responses. If ``session.permanent`` is true, the cookie's expiration will be set this
``TEMPLATES_AUTO_RELOAD`` Whether to check for modifications of number of seconds in the future. Can either be a
the template source and reload it :class:`datetime.timedelta` or an ``int``.
automatically. By default the value is
``None`` which means that Flask checks Flask's default cookie implementation validates that the cryptographic
original file only in debug mode. signature is not older than this value.
``EXPLAIN_TEMPLATE_LOADING`` If this is enabled then every attempt to
load a template will write an info Default: ``timedelta(days=31)`` (``2678400`` seconds)
message to the logger explaining the
attempts to locate the template. This .. py:data:: SESSION_REFRESH_EACH_REQUEST
can be useful to figure out why
templates cannot be found or wrong Control whether the cookie is sent with every response when
templates appear to be loaded. ``session.permanent`` is true. Sending the cookie every time (the default)
================================= ========================================= can more reliably keep the session from expiring, but uses more bandwidth.
Non-permanent sessions are not affected.
.. admonition:: More on ``SERVER_NAME``
Default: ``True``
The ``SERVER_NAME`` key is used for the subdomain support. Because
Flask cannot guess the subdomain part without the knowledge of the .. py:data:: USE_X_SENDFILE
actual server name, this is required if you want to work with
subdomains. This is also used for the session cookie. When serving files, set the ``X-Sendfile`` header instead of serving the
data with Flask. Some web servers, such as Apache, recognize this and serve
Please keep in mind that not only Flask has the problem of not knowing the data more efficiently. This only makes sense when using such a server.
what subdomains are, your web browser does as well. Most modern web
browsers will not allow cross-subdomain cookies to be set on a Default: ``False``
server name without dots in it. So if your server name is
``'localhost'`` you will not be able to set a cookie for .. py:data:: SEND_FILE_MAX_AGE_DEFAULT
``'localhost'`` and every subdomain of it. Please choose a different
server name in that case, like ``'myapplication.local'`` and add When serving files, set the cache control max age to this number of
this name + the subdomains you want to use into your host config seconds. Can either be a :class:`datetime.timedelta` or an ``int``.
or setup a local `bind`_. Override this value on a per-file basis using
:meth:`~flask.Flask.get_send_file_max_age` on the application or blueprint.
.. _bind: https://www.isc.org/downloads/bind/
Default: ``timedelta(hours=12)`` (``43200`` seconds)
.. py:data:: SERVER_NAME
Inform the application what host and port it is bound to. Required for
subdomain route matching support.
If set, will be used for the session cookie domain if
``SESSION_COOKIE_DOMAIN`` is not set. Modern web browsers will not allow
setting cookies for domains without a dot. To use a domain locally,
add any names that should route to the app to your ``hosts`` file. ::
127.0.0.1 localhost.dev
If set, ``url_for`` can generate external URLs with only an application
context instead of a request context.
Default: ``None``
.. py:data:: APPLICATION_ROOT
Inform the application what path it is mounted under by the application /
web server.
Will be used for the session cookie path if ``SESSION_COOKIE_PATH`` is not
set.
Default: ``'/'``
.. py:data:: PREFERRED_URL_SCHEME
Use this scheme for generating external URLs when not in a request context.
Default: ``'http'``
.. py:data:: MAX_CONTENT_LENGTH
Don't read more than this many bytes from the incoming request data. If not
set and the request does not specify a ``CONTENT_LENGTH``, no data will be
read for security.
Default: ``None``
.. py:data:: JSON_AS_ASCII
Serialize objects to ASCII-encoded JSON. If this is disabled, the JSON
will be returned as a Unicode string, or encoded as ``UTF-8`` by
``jsonify``. This has security implications when rendering the JSON in
to JavaScript in templates, and should typically remain enabled.
Default: ``True``
.. py:data:: JSON_SORT_KEYS
Sort the keys of JSON objects alphabetically. This is useful for caching
because it ensures the data is serialized the same way no matter what
Python's hash seed is. While not recommended, you can disable this for a
possible performance improvement at the cost of caching.
Default: ``True``
.. py:data:: JSONIFY_PRETTYPRINT_REGULAR
``jsonify`` responses will be output with newlines, spaces, and indentation
for easier reading by humans. Always enabled in debug mode.
Default: ``False``
.. py:data:: JSONIFY_MIMETYPE
The mimetype of ``jsonify`` responses.
Default: ``'application/json'``
.. py:data:: TEMPLATES_AUTO_RELOAD
Reload templates when they are changed. If not set, it will be enabled in
debug mode.
Default: ``None``
.. py:data:: EXPLAIN_TEMPLATE_LOADING
Log debugging information tracing how a template file was loaded. This can
be useful to figure out why a template was not loaded or the wrong file
appears to be loaded.
Default: ``False``
.. versionadded:: 0.4 .. versionadded:: 0.4
``LOGGER_NAME`` ``LOGGER_NAME``
@ -245,6 +370,17 @@ The following configuration values are used internally by Flask:
``SESSION_REFRESH_EACH_REQUEST``, ``TEMPLATES_AUTO_RELOAD``, ``SESSION_REFRESH_EACH_REQUEST``, ``TEMPLATES_AUTO_RELOAD``,
``LOGGER_HANDLER_POLICY``, ``EXPLAIN_TEMPLATE_LOADING`` ``LOGGER_HANDLER_POLICY``, ``EXPLAIN_TEMPLATE_LOADING``
.. versionchanged:: 1.0
``LOGGER_NAME`` and ``LOGGER_HANDLER_POLICY`` were removed. See
:ref:`logging` for information about configuration.
Added :data:`ENV` to reflect the :envvar:`FLASK_ENV` environment
variable.
Added :data:`SESSION_COOKIE_SAMESITE` to control the session
cookie's ``SameSite`` option.
Configuring from Files Configuring from Files
---------------------- ----------------------
@ -262,7 +398,7 @@ So a common pattern is this::
This first loads the configuration from the This first loads the configuration from the
`yourapplication.default_settings` module and then overrides the values `yourapplication.default_settings` module and then overrides the values
with the contents of the file the :envvar:``YOURAPPLICATION_SETTINGS`` with the contents of the file the :envvar:`YOURAPPLICATION_SETTINGS`
environment variable points to. This environment variable can be set on environment variable points to. This environment variable can be set on
Linux or OS X with the export command in the shell before starting the Linux or OS X with the export command in the shell before starting the
server:: server::
@ -284,7 +420,7 @@ Here is an example of a configuration file::
# Example configuration # Example configuration
DEBUG = False DEBUG = False
SECRET_KEY = '?\xbf,\xb4\x8d\xa3"<\x9c\xb0@\x0f5\xab,w\xee\x8d$0\x13\x8b83' SECRET_KEY = b'_5#y2L"F4Q8z\n\xec]/'
Make sure to load the configuration very early on, so that extensions have Make sure to load the configuration very early on, so that extensions have
the ability to access the configuration when starting up. There are other the ability to access the configuration when starting up. There are other
@ -292,6 +428,54 @@ methods on the config object as well to load from individual files. For a
complete reference, read the :class:`~flask.Config` object's complete reference, read the :class:`~flask.Config` object's
documentation. documentation.
Configuring from Environment Variables
--------------------------------------
In addition to pointing to configuration files using environment variables, you
may find it useful (or necessary) to control your configuration values directly
from the environment.
Environment variables can be set on Linux or OS X with the export command in
the shell before starting the server::
$ export SECRET_KEY='5f352379324c22463451387a0aec5d2f'
$ export DEBUG=False
$ python run-app.py
* Running on http://127.0.0.1:5000/
* Restarting with reloader...
On Windows systems use the `set` builtin instead::
>set SECRET_KEY='5f352379324c22463451387a0aec5d2f'
>set DEBUG=False
While this approach is straightforward to use, it is important to remember that
environment variables are strings -- they are not automatically deserialized
into Python types.
Here is an example of a configuration file that uses environment variables::
# Example configuration
import os
ENVIRONMENT_DEBUG = os.environ.get("DEBUG", default=False)
if ENVIRONMENT_DEBUG.lower() in ("f", "false"):
ENVIRONMENT_DEBUG = False
DEBUG = ENVIRONMENT_DEBUG
SECRET_KEY = os.environ.get("SECRET_KEY", default=None)
if not SECRET_KEY:
raise ValueError("No secret key set for Flask application")
Notice that any value besides an empty string will be interpreted as a boolean
``True`` value in Python, which requires care if an environment explicitly sets
values intended to be ``False``.
Make sure to load the configuration very early on, so that extensions have the
ability to access the configuration when starting up. There are other methods
on the config object as well to load from individual files. For a complete
reference, read the :class:`~flask.Config` class documentation.
Configuration Best Practices Configuration Best Practices
---------------------------- ----------------------------
@ -344,7 +528,7 @@ configuration::
class Config(object): class Config(object):
DEBUG = False DEBUG = False
TESTING = False TESTING = False
DATABASE_URI = 'sqlite://:memory:' DATABASE_URI = 'sqlite:///:memory:'
class ProductionConfig(Config): class ProductionConfig(Config):
DATABASE_URI = 'mysql://user@localhost/foo' DATABASE_URI = 'mysql://user@localhost/foo'

3
docs/contents.rst.inc

@ -16,6 +16,7 @@ instructions for web development with Flask.
templating templating
testing testing
errorhandling errorhandling
logging
config config
signals signals
views views
@ -55,7 +56,7 @@ Design notes, legal information and changelog are here for the interested.
unicode unicode
extensiondev extensiondev
styleguide styleguide
python3
upgrading upgrading
changelog changelog
license license
contributing

1
docs/contributing.rst

@ -0,0 +1 @@
.. include:: ../CONTRIBUTING.rst

10
docs/deploying/fastcgi.rst

@ -111,7 +111,7 @@ Set yourapplication.fcgi::
#!/usr/bin/python #!/usr/bin/python
#: optional path to your local python site-packages folder #: optional path to your local python site-packages folder
import sys import sys
sys.path.insert(0, '<your_local_path>/lib/python2.6/site-packages') sys.path.insert(0, '<your_local_path>/lib/python<your_python_version>/site-packages')
from flup.server.fcgi import WSGIServer from flup.server.fcgi import WSGIServer
from yourapplication import app from yourapplication import app
@ -144,7 +144,7 @@ A basic FastCGI configuration for lighttpd looks like that::
) )
alias.url = ( alias.url = (
"/static/" => "/path/to/your/static" "/static/" => "/path/to/your/static/"
) )
url.rewrite-once = ( url.rewrite-once = (
@ -159,7 +159,7 @@ work in the URL root you have to work around a lighttpd bug with the
Make sure to apply it only if you are mounting the application the URL Make sure to apply it only if you are mounting the application the URL
root. Also, see the Lighty docs for more information on `FastCGI and Python root. Also, see the Lighty docs for more information on `FastCGI and Python
<http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModFastCGI>`_ (note that <https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModFastCGI>`_ (note that
explicitly passing a socket to run() is no longer necessary). explicitly passing a socket to run() is no longer necessary).
Configuring nginx Configuring nginx
@ -234,7 +234,7 @@ python path. Common problems are:
web server. web server.
- Different python interpreters being used. - Different python interpreters being used.
.. _nginx: http://nginx.org/ .. _nginx: https://nginx.org/
.. _lighttpd: http://www.lighttpd.net/ .. _lighttpd: https://www.lighttpd.net/
.. _cherokee: http://cherokee-project.com/ .. _cherokee: http://cherokee-project.com/
.. _flup: https://pypi.python.org/pypi/flup .. _flup: https://pypi.python.org/pypi/flup

11
docs/deploying/index.rst

@ -4,9 +4,8 @@ Deployment Options
================== ==================
While lightweight and easy to use, **Flask's built-in server is not suitable While lightweight and easy to use, **Flask's built-in server is not suitable
for production** as it doesn't scale well and by default serves only one for production** as it doesn't scale well. Some of the options available for
request at a time. Some of the options available for properly running Flask in properly running Flask in production are documented here.
production are documented here.
If you want to deploy your Flask application to a WSGI server not listed here, If you want to deploy your Flask application to a WSGI server not listed here,
look up the server documentation about how to use a WSGI app with it. Just look up the server documentation about how to use a WSGI app with it. Just
@ -20,9 +19,11 @@ Hosted options
- `Deploying Flask on Heroku <https://devcenter.heroku.com/articles/getting-started-with-python>`_ - `Deploying Flask on Heroku <https://devcenter.heroku.com/articles/getting-started-with-python>`_
- `Deploying Flask on OpenShift <https://developers.openshift.com/en/python-flask.html>`_ - `Deploying Flask on OpenShift <https://developers.openshift.com/en/python-flask.html>`_
- `Deploying Flask on Webfaction <http://flask.pocoo.org/snippets/65/>`_ - `Deploying Flask on Webfaction <http://flask.pocoo.org/snippets/65/>`_
- `Deploying Flask on Google App Engine <https://github.com/kamalgill/flask-appengine-template>`_ - `Deploying Flask on Google App Engine <https://cloud.google.com/appengine/docs/standard/python/getting-started/python-standard-env>`_
- `Deploying Flask on AWS Elastic Beanstalk <https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create-deploy-python-flask.html>`_
- `Sharing your Localhost Server with Localtunnel <http://flask.pocoo.org/snippets/89/>`_ - `Sharing your Localhost Server with Localtunnel <http://flask.pocoo.org/snippets/89/>`_
- `Deploying on Azure (IIS) <https://azure.microsoft.com/documentation/articles/web-sites-python-configure/>`_ - `Deploying on Azure (IIS) <https://azure.microsoft.com/documentation/articles/web-sites-python-configure/>`_
- `Deploying on PythonAnywhere <https://help.pythonanywhere.com/pages/Flask/>`_
Self-hosted options Self-hosted options
------------------- -------------------
@ -30,8 +31,8 @@ Self-hosted options
.. toctree:: .. toctree::
:maxdepth: 2 :maxdepth: 2
mod_wsgi
wsgi-standalone wsgi-standalone
uwsgi uwsgi
mod_wsgi
fastcgi fastcgi
cgi cgi

8
docs/deploying/mod_wsgi.rst

@ -13,7 +13,7 @@ If you are using the `Apache`_ webserver, consider using `mod_wsgi`_.
not called because this will always start a local WSGI server which not called because this will always start a local WSGI server which
we do not want if we deploy that application to mod_wsgi. we do not want if we deploy that application to mod_wsgi.
.. _Apache: http://httpd.apache.org/ .. _Apache: https://httpd.apache.org/
Installing `mod_wsgi` Installing `mod_wsgi`
--------------------- ---------------------
@ -114,7 +114,7 @@ refuse to run with the above configuration. On a Windows system, eliminate those
Note: There have been some changes in access control configuration for `Apache 2.4`_. Note: There have been some changes in access control configuration for `Apache 2.4`_.
.. _Apache 2.4: http://httpd.apache.org/docs/trunk/upgrading.html .. _Apache 2.4: https://httpd.apache.org/docs/trunk/upgrading.html
Most notably, the syntax for directory permissions has changed from httpd 2.2 Most notably, the syntax for directory permissions has changed from httpd 2.2
@ -133,9 +133,9 @@ to httpd 2.4 syntax
For more information consult the `mod_wsgi documentation`_. For more information consult the `mod_wsgi documentation`_.
.. _mod_wsgi: https://github.com/GrahamDumpleton/mod_wsgi .. _mod_wsgi: https://github.com/GrahamDumpleton/mod_wsgi
.. _installation instructions: http://modwsgi.readthedocs.io/en/develop/installation.html .. _installation instructions: https://modwsgi.readthedocs.io/en/develop/installation.html
.. _virtual python: https://pypi.python.org/pypi/virtualenv .. _virtual python: https://pypi.python.org/pypi/virtualenv
.. _mod_wsgi documentation: http://modwsgi.readthedocs.io/en/develop/index.html .. _mod_wsgi documentation: https://modwsgi.readthedocs.io/en/develop/index.html
Troubleshooting Troubleshooting
--------------- ---------------

4
docs/deploying/uwsgi.rst

@ -66,7 +66,7 @@ to have it in the URL root its a bit simpler::
uwsgi_pass unix:/tmp/yourapplication.sock; uwsgi_pass unix:/tmp/yourapplication.sock;
} }
.. _nginx: http://nginx.org/ .. _nginx: https://nginx.org/
.. _lighttpd: http://www.lighttpd.net/ .. _lighttpd: https://www.lighttpd.net/
.. _cherokee: http://cherokee-project.com/ .. _cherokee: http://cherokee-project.com/
.. _uwsgi: http://projects.unbit.it/uwsgi/ .. _uwsgi: http://projects.unbit.it/uwsgi/

18
docs/deploying/wsgi-standalone.rst

@ -27,6 +27,22 @@ For example, to run a Flask application with 4 worker processes (``-w
.. _eventlet: http://eventlet.net/ .. _eventlet: http://eventlet.net/
.. _greenlet: https://greenlet.readthedocs.io/en/latest/ .. _greenlet: https://greenlet.readthedocs.io/en/latest/
uWSGI
--------
`uWSGI`_ is a fast application server written in C. It is very configurable
which makes it more complicated to setup than gunicorn.
Running `uWSGI HTTP Router`_::
uwsgi --http 127.0.0.1:5000 --module myproject:app
For a more optimized setup, see `configuring uWSGI and NGINX`_.
.. _uWSGI: http://uwsgi-docs.readthedocs.io/en/latest/
.. _uWSGI HTTP Router: http://uwsgi-docs.readthedocs.io/en/latest/HTTP.html#the-uwsgi-http-https-router
.. _configuring uWSGI and NGINX: uwsgi.html#starting-your-app-with-uwsgi
Gevent Gevent
------- -------
@ -62,7 +78,7 @@ as well; see ``twistd -h`` and ``twistd web -h`` for more information. For
example, to run a Twisted Web server in the foreground, on port 8080, with an example, to run a Twisted Web server in the foreground, on port 8080, with an
application from ``myproject``:: application from ``myproject``::
twistd -n web --port 8080 --wsgi myproject.app twistd -n web --port tcp:8080 --wsgi myproject.app
.. _Twisted: https://twistedmatrix.com/ .. _Twisted: https://twistedmatrix.com/
.. _Twisted Web: https://twistedmatrix.com/trac/wiki/TwistedWeb .. _Twisted Web: https://twistedmatrix.com/trac/wiki/TwistedWeb

290
docs/errorhandling.rst

@ -34,7 +34,7 @@ Error Logging Tools
Sending error mails, even if just for critical ones, can become Sending error mails, even if just for critical ones, can become
overwhelming if enough users are hitting the error and log files are overwhelming if enough users are hitting the error and log files are
typically never looked at. This is why we recommend using `Sentry typically never looked at. This is why we recommend using `Sentry
<http://www.getsentry.com/>`_ for dealing with application errors. It's <https://www.getsentry.com/>`_ for dealing with application errors. It's
available as an Open Source project `on GitHub available as an Open Source project `on GitHub
<https://github.com/getsentry/sentry>`__ and is also available as a `hosted version <https://github.com/getsentry/sentry>`__ and is also available as a `hosted version
<https://getsentry.com/signup/>`_ which you can try for free. Sentry <https://getsentry.com/signup/>`_ which you can try for free. Sentry
@ -42,9 +42,9 @@ aggregates duplicate errors, captures the full stack trace and local
variables for debugging, and sends you mails based on new errors or variables for debugging, and sends you mails based on new errors or
frequency thresholds. frequency thresholds.
To use Sentry you need to install the `raven` client:: To use Sentry you need to install the `raven` client with extra `flask` dependencies::
$ pip install raven $ pip install raven[flask]
And then add this to your Flask app:: And then add this to your Flask app::
@ -76,256 +76,78 @@ Error handlers
You might want to show custom error pages to the user when an error occurs. You might want to show custom error pages to the user when an error occurs.
This can be done by registering error handlers. This can be done by registering error handlers.
Error handlers are normal :ref:`views` but instead of being registered for An error handler is a normal view function that return a response, but instead
routes, they are registered for exceptions that are raised while trying to of being registered for a route, it is registered for an exception or HTTP
do something else. status code that would is raised while trying to handle a request.
Registering Registering
``````````` ```````````
Register error handlers using :meth:`~flask.Flask.errorhandler` or Register handlers by decorating a function with
:meth:`~flask.Flask.register_error_handler`:: :meth:`~flask.Flask.errorhandler`. Or use
:meth:`~flask.Flask.register_error_handler` to register the function later.
Remember to set the error code when returning the response. ::
@app.errorhandler(werkzeug.exceptions.BadRequest) @app.errorhandler(werkzeug.exceptions.BadRequest)
def handle_bad_request(e): def handle_bad_request(e):
return 'bad request!' return 'bad request!', 400
app.register_error_handler(400, lambda e: 'bad request!') # or, without the decorator
app.register_error_handler(400, handle_bad_request)
Those two ways are equivalent, but the first one is more clear and leaves
you with a function to call on your whim (and in tests). Note that
:exc:`werkzeug.exceptions.HTTPException` subclasses like :exc:`werkzeug.exceptions.HTTPException` subclasses like
:exc:`~werkzeug.exceptions.BadRequest` from the example and their HTTP codes :exc:`~werkzeug.exceptions.BadRequest` and their HTTP codes are interchangeable
are interchangeable when handed to the registration methods or decorator when registering handlers. (``BadRequest.code == 400``)
(``BadRequest.code == 400``).
You are however not limited to :exc:`~werkzeug.exceptions.HTTPException` Non-standard HTTP codes cannot be registered by code because they are not known
or HTTP status codes but can register a handler for every exception class you by Werkzeug. Instead, define a subclass of
like. :class:`~werkzeug.exceptions.HTTPException` with the appropriate code and
register and raise that exception class. ::
.. versionchanged:: 0.11 class InsufficientStorage(werkzeug.exceptions.HTTPException):
code = 507
description = 'Not enough storage space.'
app.register_error_handler(InsuffcientStorage, handle_507)
raise InsufficientStorage()
Errorhandlers are now prioritized by specificity of the exception classes Handlers can be registered for any exception class, not just
they are registered for instead of the order they are registered in. :exc:`~werkzeug.exceptions.HTTPException` subclasses or HTTP status
codes. Handlers can be registered for a specific class, or for all subclasses
of a parent class.
Handling Handling
```````` ````````
Once an exception instance is raised, its class hierarchy is traversed, When an exception is caught by Flask while handling a request, it is first
and searched for in the exception classes for which handlers are registered. looked up by code. If no handler is registered for the code, it is looked up
The most specific handler is selected. by its class hierarchy; the most specific handler is chosen. If no handler is
registered, :class:`~werkzeug.exceptions.HTTPException` subclasses show a
generic message about their code, while other exceptions are converted to a
generic 500 Internal Server Error.
E.g. if an instance of :exc:`ConnectionRefusedError` is raised, and a handler For example, if an instance of :exc:`ConnectionRefusedError` is raised, and a handler
is registered for :exc:`ConnectionError` and :exc:`ConnectionRefusedError`, is registered for :exc:`ConnectionError` and :exc:`ConnectionRefusedError`,
the more specific :exc:`ConnectionRefusedError` handler is called on the the more specific :exc:`ConnectionRefusedError` handler is called with the
exception instance, and its response is shown to the user. exception instance to generate the response.
Error Mails Handlers registered on the blueprint take precedence over those registered
----------- globally on the application, assuming a blueprint is handling the request that
raises the exception. However, the blueprint cannot handle 404 routing errors
If the application runs in production mode (which it will do on your because the 404 occurs at the routing level before the blueprint can be
server) you might not see any log messages. The reason for that is that determined.
Flask by default will just report to the WSGI error stream or stderr
(depending on what's available). Where this ends up is sometimes hard to .. versionchanged:: 0.11
find. Often it's in your webserver's log files.
Handlers are prioritized by specificity of the exception classes they are
I can pretty much promise you however that if you only use a logfile for registered for instead of the order they are registered in.
the application errors you will never look at it except for debugging an
issue when a user reported it for you. What you probably want instead is Logging
a mail the second the exception happened. Then you get an alert and you -------
can do something about it.
See :ref:`logging` for information on how to log exceptions, such as by
Flask uses the Python builtin logging system, and it can actually send emailing them to admins.
you mails for errors which is probably what you want. Here is how you can
configure the Flask logger to send you mails for exceptions::
ADMINS = ['yourname@example.com']
if not app.debug:
import logging
from logging.handlers import SMTPHandler
mail_handler = SMTPHandler('127.0.0.1',
'server-error@example.com',
ADMINS, 'YourApplication Failed')
mail_handler.setLevel(logging.ERROR)
app.logger.addHandler(mail_handler)
So what just happened? We created a new
:class:`~logging.handlers.SMTPHandler` that will send mails with the mail
server listening on ``127.0.0.1`` to all the `ADMINS` from the address
*server-error@example.com* with the subject "YourApplication Failed". If
your mail server requires credentials, these can also be provided. For
that check out the documentation for the
:class:`~logging.handlers.SMTPHandler`.
We also tell the handler to only send errors and more critical messages.
Because we certainly don't want to get a mail for warnings or other
useless logs that might happen during request handling.
Before you run that in production, please also look at :ref:`logformat` to
put more information into that error mail. That will save you from a lot
of frustration.
Logging to a File
-----------------
Even if you get mails, you probably also want to log warnings. It's a
good idea to keep as much information around that might be required to
debug a problem. By default as of Flask 0.11, errors are logged to your
webserver's log automatically. Warnings however are not. Please note
that Flask itself will not issue any warnings in the core system, so it's
your responsibility to warn in the code if something seems odd.
There are a couple of handlers provided by the logging system out of the
box but not all of them are useful for basic error logging. The most
interesting are probably the following:
- :class:`~logging.FileHandler` - logs messages to a file on the
filesystem.
- :class:`~logging.handlers.RotatingFileHandler` - logs messages to a file
on the filesystem and will rotate after a certain number of messages.
- :class:`~logging.handlers.NTEventLogHandler` - will log to the system
event log of a Windows system. If you are deploying on a Windows box,
this is what you want to use.
- :class:`~logging.handlers.SysLogHandler` - sends logs to a UNIX
syslog.
Once you picked your log handler, do like you did with the SMTP handler
above, just make sure to use a lower setting (I would recommend
`WARNING`)::
if not app.debug:
import logging
from themodule import TheHandlerYouWant
file_handler = TheHandlerYouWant(...)
file_handler.setLevel(logging.WARNING)
app.logger.addHandler(file_handler)
.. _logformat:
Controlling the Log Format
--------------------------
By default a handler will only write the message string into a file or
send you that message as mail. A log record stores more information,
and it makes a lot of sense to configure your logger to also contain that
information so that you have a better idea of why that error happened, and
more importantly, where it did.
A formatter can be instantiated with a format string. Note that
tracebacks are appended to the log entry automatically. You don't have to
do that in the log formatter format string.
Here some example setups:
Email
`````
::
from logging import Formatter
mail_handler.setFormatter(Formatter('''
Message type: %(levelname)s
Location: %(pathname)s:%(lineno)d
Module: %(module)s
Function: %(funcName)s
Time: %(asctime)s
Message:
%(message)s
'''))
File logging
````````````
::
from logging import Formatter
file_handler.setFormatter(Formatter(
'%(asctime)s %(levelname)s: %(message)s '
'[in %(pathname)s:%(lineno)d]'
))
Complex Log Formatting
``````````````````````
Here is a list of useful formatting variables for the format string. Note
that this list is not complete, consult the official documentation of the
:mod:`logging` package for a full list.
.. tabularcolumns:: |p{3cm}|p{12cm}|
+------------------+----------------------------------------------------+
| Format | Description |
+==================+====================================================+
| ``%(levelname)s``| Text logging level for the message |
| | (``'DEBUG'``, ``'INFO'``, ``'WARNING'``, |
| | ``'ERROR'``, ``'CRITICAL'``). |
+------------------+----------------------------------------------------+
| ``%(pathname)s`` | Full pathname of the source file where the |
| | logging call was issued (if available). |
+------------------+----------------------------------------------------+
| ``%(filename)s`` | Filename portion of pathname. |
+------------------+----------------------------------------------------+
| ``%(module)s`` | Module (name portion of filename). |
+------------------+----------------------------------------------------+
| ``%(funcName)s`` | Name of function containing the logging call. |
+------------------+----------------------------------------------------+
| ``%(lineno)d`` | Source line number where the logging call was |
| | issued (if available). |
+------------------+----------------------------------------------------+
| ``%(asctime)s`` | Human-readable time when the LogRecord` was |
| | created. By default this is of the form |
| | ``"2003-07-08 16:49:45,896"`` (the numbers after |
| | the comma are millisecond portion of the time). |
| | This can be changed by subclassing the formatter |
| | and overriding the |
| | :meth:`~logging.Formatter.formatTime` method. |
+------------------+----------------------------------------------------+
| ``%(message)s`` | The logged message, computed as ``msg % args`` |
+------------------+----------------------------------------------------+
If you want to further customize the formatting, you can subclass the
formatter. The formatter has three interesting methods:
:meth:`~logging.Formatter.format`:
handles the actual formatting. It is passed a
:class:`~logging.LogRecord` object and has to return the formatted
string.
:meth:`~logging.Formatter.formatTime`:
called for `asctime` formatting. If you want a different time format
you can override this method.
:meth:`~logging.Formatter.formatException`
called for exception formatting. It is passed an :attr:`~sys.exc_info`
tuple and has to return a string. The default is usually fine, you
don't have to override it.
For more information, head over to the official documentation.
Other Libraries
---------------
So far we only configured the logger your application created itself.
Other libraries might log themselves as well. For example, SQLAlchemy uses
logging heavily in its core. While there is a method to configure all
loggers at once in the :mod:`logging` package, I would not recommend using
it. There might be a situation in which you want to have multiple
separate applications running side by side in the same Python interpreter
and then it becomes impossible to have different logging setups for those.
Instead, I would recommend figuring out which loggers you are interested
in, getting the loggers with the :func:`~logging.getLogger` function and
iterating over them to attach handlers::
from logging import getLogger
loggers = [app.logger, getLogger('sqlalchemy'),
getLogger('otherlibrary')]
for logger in loggers:
logger.addHandler(mail_handler)
logger.addHandler(file_handler)
Debugging Application Errors Debugging Application Errors

40
docs/extensiondev.rst

@ -29,12 +29,6 @@ be something like "Flask-SimpleXML". Make sure to include the name
This is how users can then register dependencies to your extension in This is how users can then register dependencies to your extension in
their :file:`setup.py` files. their :file:`setup.py` files.
Flask sets up a redirect package called :data:`flask.ext` where users
should import the extensions from. If you for instance have a package
called ``flask_something`` users would import it as
``flask.ext.something``. This is done to transition from the old
namespace packages. See :ref:`ext-import-transition` for more details.
But what do extensions look like themselves? An extension has to ensure But what do extensions look like themselves? An extension has to ensure
that it works with multiple Flask application instances at once. This is that it works with multiple Flask application instances at once. This is
a requirement because many people will use patterns like the a requirement because many people will use patterns like the
@ -48,7 +42,7 @@ that people can easily install the development version into their
virtualenv without having to download the library by hand. virtualenv without having to download the library by hand.
Flask extensions must be licensed under a BSD, MIT or more liberal license Flask extensions must be licensed under a BSD, MIT or more liberal license
to be able to be enlisted in the Flask Extension Registry. Keep in mind in order to be listed in the Flask Extension Registry. Keep in mind
that the Flask Extension Registry is a moderated place and libraries will that the Flask Extension Registry is a moderated place and libraries will
be reviewed upfront if they behave as required. be reviewed upfront if they behave as required.
@ -154,10 +148,10 @@ What to use depends on what you have in mind. For the SQLite 3 extension
we will use the class-based approach because it will provide users with an we will use the class-based approach because it will provide users with an
object that handles opening and closing database connections. object that handles opening and closing database connections.
What's important about classes is that they encourage to be shared around When designing your classes, it's important to make them easily reusable
on module level. In that case, the object itself must not under any at the module level. This means the object itself must not under any
circumstances store any application specific state and must be shareable circumstances store any application specific state and must be shareable
between different application. between different applications.
The Extension Code The Extension Code
------------------ ------------------
@ -334,10 +328,10 @@ development. If you want to learn more, it's a very good idea to check
out existing extensions on the `Flask Extension Registry`_. If you feel out existing extensions on the `Flask Extension Registry`_. If you feel
lost there is still the `mailinglist`_ and the `IRC channel`_ to get some lost there is still the `mailinglist`_ and the `IRC channel`_ to get some
ideas for nice looking APIs. Especially if you do something nobody before ideas for nice looking APIs. Especially if you do something nobody before
you did, it might be a very good idea to get some more input. This not you did, it might be a very good idea to get some more input. This not only
only to get an idea about what people might want to have from an generates useful feedback on what people might want from an extension, but
extension, but also to avoid having multiple developers working on pretty also avoids having multiple developers working in isolation on pretty much the
much the same side by side. same problem.
Remember: good API design is hard, so introduce your project on the Remember: good API design is hard, so introduce your project on the
mailinglist, and let other developers give you a helping hand with mailinglist, and let other developers give you a helping hand with
@ -370,10 +364,10 @@ extension to be approved you have to follow these guidelines:
3. APIs of approved extensions will be checked for the following 3. APIs of approved extensions will be checked for the following
characteristics: characteristics:
- an approved extension has to support multiple applications - an approved extension has to support multiple applications
running in the same Python process. running in the same Python process.
- it must be possible to use the factory pattern for creating - it must be possible to use the factory pattern for creating
applications. applications.
4. The license must be BSD/MIT/WTFPL licensed. 4. The license must be BSD/MIT/WTFPL licensed.
5. The naming scheme for official extensions is *Flask-ExtensionName* or 5. The naming scheme for official extensions is *Flask-ExtensionName* or
@ -387,13 +381,11 @@ extension to be approved you have to follow these guidelines:
link to the documentation, website (if there is one) and there link to the documentation, website (if there is one) and there
must be a link to automatically install the development version must be a link to automatically install the development version
(``PackageName==dev``). (``PackageName==dev``).
9. The ``zip_safe`` flag in the setup script must be set to ``False``, 9. The ``zip_safe`` flag in the setup script must be set to ``False``,
even if the extension would be safe for zipping. even if the extension would be safe for zipping.
10. An extension currently has to support Python 2.6 as well as 10. An extension currently has to support Python 3.4 and newer and 2.7.
Python 2.7
.. _ext-import-transition:
Extension Import Transition Extension Import Transition
--------------------------- ---------------------------
@ -413,6 +405,6 @@ schema. The ``flask.ext.foo`` compatibility alias is still in Flask 0.11 but is
now deprecated -- you should use ``flask_foo``. now deprecated -- you should use ``flask_foo``.
.. _OAuth extension: http://pythonhosted.org/Flask-OAuth/ .. _OAuth extension: https://pythonhosted.org/Flask-OAuth/
.. _mailinglist: http://flask.pocoo.org/mailinglist/ .. _mailinglist: http://flask.pocoo.org/mailinglist/
.. _IRC channel: http://flask.pocoo.org/community/irc/ .. _IRC channel: http://flask.pocoo.org/community/irc/

86
docs/flaskext.py

@ -1,86 +0,0 @@
# flasky extensions. flasky pygments style based on tango style
from pygments.style import Style
from pygments.token import Keyword, Name, Comment, String, Error, \
Number, Operator, Generic, Whitespace, Punctuation, Other, Literal
class FlaskyStyle(Style):
background_color = "#f8f8f8"
default_style = ""
styles = {
# No corresponding class for the following:
#Text: "", # class: ''
Whitespace: "underline #f8f8f8", # class: 'w'
Error: "#a40000 border:#ef2929", # class: 'err'
Other: "#000000", # class 'x'
Comment: "italic #8f5902", # class: 'c'
Comment.Preproc: "noitalic", # class: 'cp'
Keyword: "bold #004461", # class: 'k'
Keyword.Constant: "bold #004461", # class: 'kc'
Keyword.Declaration: "bold #004461", # class: 'kd'
Keyword.Namespace: "bold #004461", # class: 'kn'
Keyword.Pseudo: "bold #004461", # class: 'kp'
Keyword.Reserved: "bold #004461", # class: 'kr'
Keyword.Type: "bold #004461", # class: 'kt'
Operator: "#582800", # class: 'o'
Operator.Word: "bold #004461", # class: 'ow' - like keywords
Punctuation: "bold #000000", # class: 'p'
# because special names such as Name.Class, Name.Function, etc.
# are not recognized as such later in the parsing, we choose them
# to look the same as ordinary variables.
Name: "#000000", # class: 'n'
Name.Attribute: "#c4a000", # class: 'na' - to be revised
Name.Builtin: "#004461", # class: 'nb'
Name.Builtin.Pseudo: "#3465a4", # class: 'bp'
Name.Class: "#000000", # class: 'nc' - to be revised
Name.Constant: "#000000", # class: 'no' - to be revised
Name.Decorator: "#888", # class: 'nd' - to be revised
Name.Entity: "#ce5c00", # class: 'ni'
Name.Exception: "bold #cc0000", # class: 'ne'
Name.Function: "#000000", # class: 'nf'
Name.Property: "#000000", # class: 'py'
Name.Label: "#f57900", # class: 'nl'
Name.Namespace: "#000000", # class: 'nn' - to be revised
Name.Other: "#000000", # class: 'nx'
Name.Tag: "bold #004461", # class: 'nt' - like a keyword
Name.Variable: "#000000", # class: 'nv' - to be revised
Name.Variable.Class: "#000000", # class: 'vc' - to be revised
Name.Variable.Global: "#000000", # class: 'vg' - to be revised
Name.Variable.Instance: "#000000", # class: 'vi' - to be revised
Number: "#990000", # class: 'm'
Literal: "#000000", # class: 'l'
Literal.Date: "#000000", # class: 'ld'
String: "#4e9a06", # class: 's'
String.Backtick: "#4e9a06", # class: 'sb'
String.Char: "#4e9a06", # class: 'sc'
String.Doc: "italic #8f5902", # class: 'sd' - like a comment
String.Double: "#4e9a06", # class: 's2'
String.Escape: "#4e9a06", # class: 'se'
String.Heredoc: "#4e9a06", # class: 'sh'
String.Interpol: "#4e9a06", # class: 'si'
String.Other: "#4e9a06", # class: 'sx'
String.Regex: "#4e9a06", # class: 'sr'
String.Single: "#4e9a06", # class: 's1'
String.Symbol: "#4e9a06", # class: 'ss'
Generic: "#000000", # class: 'g'
Generic.Deleted: "#a40000", # class: 'gd'
Generic.Emph: "italic #000000", # class: 'ge'
Generic.Error: "#ef2929", # class: 'gr'
Generic.Heading: "bold #000080", # class: 'gh'
Generic.Inserted: "#00A000", # class: 'gi'
Generic.Output: "#888", # class: 'go'
Generic.Prompt: "#745334", # class: 'gp'
Generic.Strong: "bold #000000", # class: 'gs'
Generic.Subheading: "bold #800080", # class: 'gu'
Generic.Traceback: "bold #a40000", # class: 'gt'
}

236
docs/installation.rst

@ -3,163 +3,179 @@
Installation Installation
============ ============
Flask depends on some external libraries, like `Werkzeug Python Version
<http://werkzeug.pocoo.org/>`_ and `Jinja2 <http://jinja.pocoo.org/>`_. --------------
Werkzeug is a toolkit for WSGI, the standard Python interface between web
applications and a variety of servers for both development and deployment.
Jinja2 renders templates.
So how do you get all that on your computer quickly? There are many ways you We recommend using the latest version of Python 3. Flask supports Python 3.4
could do that, but the most kick-ass method is virtualenv, so let's have a look and newer, Python 2.7, and PyPy.
at that first.
You will need Python 2.6 or newer to get started, so be sure to have an Dependencies
up-to-date Python 2.x installation. For using Flask with Python 3 have a ------------
look at :ref:`python3-support`.
.. _virtualenv: These distributions will be installed automatically when installing Flask.
virtualenv * `Werkzeug`_ implements WSGI, the standard Python interface between
---------- applications and servers.
* `Jinja`_ is a template language that renders the pages your application
serves.
* `MarkupSafe`_ comes with Jinja. It escapes untrusted input when rendering
templates to avoid injection attacks.
* `ItsDangerous`_ securely signs data to ensure its integrity. This is used
to protect Flask's session cookie.
* `Click`_ is a framework for writing command line applications. It provides
the ``flask`` command and allows adding custom management commands.
Virtualenv is probably what you want to use during development, and if you have .. _Werkzeug: http://werkzeug.pocoo.org/
shell access to your production machines, you'll probably want to use it there, .. _Jinja: http://jinja.pocoo.org/
too. .. _MarkupSafe: https://pypi.python.org/pypi/MarkupSafe
.. _ItsDangerous: https://pythonhosted.org/itsdangerous/
.. _Click: http://click.pocoo.org/
What problem does virtualenv solve? If you like Python as much as I do, Optional dependencies
chances are you want to use it for other projects besides Flask-based web ~~~~~~~~~~~~~~~~~~~~~
applications. But the more projects you have, the more likely it is that you
will be working with different versions of Python itself, or at least different
versions of Python libraries. Let's face it: quite often libraries break
backwards compatibility, and it's unlikely that any serious application will
have zero dependencies. So what do you do if two or more of your projects have
conflicting dependencies?
Virtualenv to the rescue! Virtualenv enables multiple side-by-side These distributions will not be installed automatically. Flask will detect and
installations of Python, one for each project. It doesn't actually install use them if you install them.
separate copies of Python, but it does provide a clever way to keep different
project environments isolated. Let's see how virtualenv works.
If you are on Mac OS X or Linux, chances are that the following * `Blinker`_ provides support for :ref:`signals`.
command will work for you:: * `SimpleJSON`_ is a fast JSON implementation that is compatible with
Python's ``json`` module. It is preferred for JSON operations if it is
installed.
* `python-dotenv`_ enables support for :ref:`dotenv` when running ``flask``
commands.
* `Watchdog`_ provides a faster, more efficient reloader for the development
server.
$ sudo pip install virtualenv .. _Blinker: https://pythonhosted.org/blinker/
.. _SimpleJSON: https://simplejson.readthedocs.io/
.. _python-dotenv: https://github.com/theskumar/python-dotenv#readme
.. _watchdog: https://pythonhosted.org/watchdog/
It will probably install virtualenv on your system. Maybe it's even Virtual environments
in your package manager. If you use Ubuntu, try:: --------------------
$ sudo apt-get install python-virtualenv Use a virtual environment to manage the dependencies for your project, both in
development and in production.
If you are on Windows and don't have the ``easy_install`` command, you must What problem does a virtual environment solve? The more Python projects you
install it first. Check the :ref:`windows-easy-install` section for more have, the more likely it is that you need to work with different versions of
information about how to do that. Once you have it installed, run the same Python libraries, or even Python itself. Newer versions of libraries for one
commands as above, but without the ``sudo`` prefix. project can break compatibility in another project.
Once you have virtualenv installed, just fire up a shell and create Virtual environments are independent groups of Python libraries, one for each
your own environment. I usually create a project folder and a :file:`venv` project. Packages installed for one project will not affect other projects or
folder within:: the operating system's packages.
$ mkdir myproject Python 3 comes bundled with the :mod:`venv` module to create virtual
$ cd myproject environments. If you're using a modern version of Python, you can continue on
$ virtualenv venv to the next section.
New python executable in venv/bin/python
Installing setuptools, pip............done.
Now, whenever you want to work on a project, you only have to activate the If you're using Python 2, see :ref:`install-install-virtualenv` first.
corresponding environment. On OS X and Linux, do the following::
$ . venv/bin/activate .. _install-create-env:
If you are a Windows user, the following command is for you:: Create an environment
~~~~~~~~~~~~~~~~~~~~~
$ venv\Scripts\activate Create a project folder and a :file:`venv` folder within:
Either way, you should now be using your virtualenv (notice how the prompt of .. code-block:: sh
your shell has changed to show the active environment).
And if you want to go back to the real world, use the following command:: mkdir myproject
cd myproject
python3 -m venv venv
$ deactivate On Windows:
After doing this, the prompt of your shell should be as familiar as before. .. code-block:: bat
Now, let's move on. Enter the following command to get Flask activated in your py -3 -m venv venv
virtualenv::
$ pip install Flask If you needed to install virtualenv because you are on an older version of
Python, use the following command instead:
A few seconds later and you are good to go. .. code-block:: sh
virtualenv venv
System-Wide Installation On Windows:
------------------------
This is possible as well, though I do not recommend it. Just run .. code-block:: bat
``pip`` with root privileges::
$ sudo pip install Flask \Python27\Scripts\virtualenv.exe venv
(On Windows systems, run it in a command-prompt window with administrator Activate the environment
privileges, and leave out ``sudo``.) ~~~~~~~~~~~~~~~~~~~~~~~~
Before you work on your project, activate the corresponding environment:
Living on the Edge .. code-block:: sh
------------------
. venv/bin/activate
On Windows:
.. code-block:: bat
venv\Scripts\activate
Your shell prompt will change to show the name of the activated environment.
Install Flask
-------------
If you want to work with the latest version of Flask, there are two ways: you Within the activated environment, use the following command to install Flask:
can either let ``pip`` pull in the development version, or you can tell
it to operate on a git checkout. Either way, virtualenv is recommended.
Get the git checkout in a new virtualenv and run in development mode:: .. code-block:: sh
$ git clone http://github.com/pallets/flask.git pip install Flask
Initialized empty Git repository in ~/dev/flask/.git/
$ cd flask Living on the edge
$ virtualenv venv ~~~~~~~~~~~~~~~~~~
New python executable in venv/bin/python
Installing setuptools, pip............done. If you want to work with the latest Flask code before it's released, install or
$ . venv/bin/activate update the code from the master branch:
$ python setup.py develop
... .. code-block:: sh
Finished processing dependencies for Flask
pip install -U https://github.com/pallets/flask/archive/master.tar.gz
.. _install-install-virtualenv:
Install virtualenv
------------------
This will pull in the dependencies and activate the git head as the current If you are using Python 2, the venv module is not available. Instead,
version inside the virtualenv. Then all you have to do is run ``git pull install `virtualenv`_.
origin`` to update to the latest version.
.. _windows-easy-install: On Linux, virtualenv is provided by your package manager:
`pip` and `setuptools` on Windows .. code-block:: sh
---------------------------------
Sometimes getting the standard "Python packaging tools" like ``pip``, ``setuptools`` # Debian, Ubuntu
and ``virtualenv`` can be a little trickier, but nothing very hard. The crucial sudo apt-get install python-virtualenv
package you will need is pip - this will let you install
anything else (like virtualenv). Fortunately there is a "bootstrap script"
you can run to install.
If you don't currently have ``pip``, then `get-pip.py` will install it for you. # CentOS, Fedora
sudo yum install python-virtualenv
`get-pip.py`_ # Arch
sudo pacman -S python-virtualenv
It should be double-clickable once you download it. If you already have ``pip``, If you are on Mac OS X or Windows, download `get-pip.py`_, then:
you can upgrade them by running::
> pip install --upgrade pip setuptools .. code-block:: sh
Most often, once you pull up a command prompt you want to be able to type ``pip`` sudo python2 Downloads/get-pip.py
and ``python`` which will run those things, but this might not automatically happen sudo python2 -m pip install virtualenv
on Windows, because it doesn't know where those executables are (give either a try!).
To fix this, you should be able to navigate to your Python install directory On Windows, as an administrator:
(e.g :file:`C:\Python27`), then go to :file:`Tools`, then :file:`Scripts`, then find the
:file:`win_add2path.py` file and run that. Open a **new** Command Prompt and
check that you can now just type ``python`` to bring up the interpreter.
Finally, to install `virtualenv`_, you can simply run:: .. code-block:: bat
> pip install virtualenv \Python27\python.exe Downloads\get-pip.py
\Python27\python.exe -m pip install virtualenv
Then you can be off on your way following the installation instructions above. Now you can continue to :ref:`install-create-env`.
.. _virtualenv: https://virtualenv.pypa.io/
.. _get-pip.py: https://bootstrap.pypa.io/get-pip.py .. _get-pip.py: https://bootstrap.pypa.io/get-pip.py

175
docs/logging.rst

@ -0,0 +1,175 @@
.. _logging:
Logging
=======
Flask uses standard Python :mod:`logging`. All Flask-related messages are
logged under the ``'flask'`` logger namespace.
:meth:`Flask.logger <flask.Flask.logger>` returns the logger named
``'flask.app'``, and can be used to log messages for your application. ::
@app.route('/login', methods=['POST'])
def login():
user = get_user(request.form['username'])
if user.check_password(request.form['password']):
login_user(user)
app.logger.info('%s logged in successfully', user.username)
return redirect(url_for('index'))
else:
app.logger.info('%s failed to log in', user.username)
abort(401)
Basic Configuration
-------------------
When you want to configure logging for your project, you should do it as soon
as possible when the program starts. If :meth:`app.logger <flask.Flask.logger>`
is accessed before logging is configured, it will add a default handler. If
possible, configure logging before creating the application object.
This example uses :func:`~logging.config.dictConfig` to create a logging
configuration similar to Flask's default, except for all logs::
from logging.config import dictConfig
dictConfig({
'version': 1,
'formatters': {'default': {
'format': '[%(asctime)s] %(levelname)s in %(module)s: %(message)s',
}},
'handlers': {'wsgi': {
'class': 'logging.StreamHandler',
'stream': 'ext://flask.logging.wsgi_errors_stream',
'formatter': 'default'
}},
'root': {
'level': 'INFO',
'handlers': ['wsgi']
}
})
app = Flask(__name__)
Default Configuration
`````````````````````
If you do not configure logging yourself, Flask will add a
:class:`~logging.StreamHandler` to :meth:`app.logger <flask.Flask.logger>`
automatically. During requests, it will write to the stream specified by the
WSGI server in ``environ['wsgi.errors']`` (which is usually
:data:`sys.stderr`). Outside a request, it will log to :data:`sys.stderr`.
Removing the Default Handler
````````````````````````````
If you configured logging after accessing
:meth:`app.logger <flask.Flask.logger>`, and need to remove the default
handler, you can import and remove it::
from flask.logging import default_handler
app.logger.removeHandler(default_handler)
Email Errors to Admins
----------------------
When running the application on a remote server for production, you probably
won't be looking at the log messages very often. The WSGI server will probably
send log messages to a file, and you'll only check that file if a user tells
you something went wrong.
To be proactive about discovering and fixing bugs, you can configure a
:class:`logging.handlers.SMTPHandler` to send an email when errors and higher
are logged. ::
import logging
from logging.handlers import SMTPHandler
mail_handler = SMTPHandler(
mailhost='127.0.0.1',
fromaddr='server-error@example.com',
toaddrs=['admin@example.com'],
subject='Application Error'
)
mail_handler.setLevel(logging.ERROR)
mail_handler.setFormatter(logging.Formatter(
'[%(asctime)s] %(levelname)s in %(module)s: %(message)s'
))
if not app.debug:
app.logger.addHandler(mail_handler)
This requires that you have an SMTP server set up on the same server. See the
Python docs for more information about configuring the handler.
Injecting Request Information
-----------------------------
Seeing more information about the request, such as the IP address, may help
debugging some errors. You can subclass :class:`logging.Formatter` to inject
your own fields that can be used in messages. You can change the formatter for
Flask's default handler, the mail handler defined above, or any other
handler. ::
from flask import request
from flask.logging import default_handler
class RequestFormatter(logging.Formatter):
def format(self, record):
record.url = request.url
record.remote_addr = request.remote_addr
return super().format(record)
formatter = RequestFormatter(
'[%(asctime)s] %(remote_addr)s requested %(url)s\n'
'%(levelname)s in %(module)s: %(message)s'
)
default_handler.setFormatter(formatter)
mail_handler.setFormatter(formatter)
Other Libraries
---------------
Other libraries may use logging extensively, and you want to see relevant
messages from those logs too. The simplest way to do this is to add handlers
to the root logger instead of only the app logger. ::
from flask.logging import default_handler
root = logging.getLogger()
root.addHandler(default_handler)
root.addHandler(mail_handler)
Depending on your project, it may be more useful to configure each logger you
care about separately, instead of configuring only the root logger. ::
for logger in (
app.logger,
logging.getLogger('sqlalchemy'),
logging.getLogger('other_package'),
):
logger.addHandler(default_handler)
logger.addHandler(mail_handler)
Werkzeug
````````
Werkzeug logs basic request/response information to the ``'werkzeug'`` logger.
If the root logger has no handlers configured, Werkzeug adds a
:class:`~logging.StreamHandler` to its logger.
Flask Extensions
````````````````
Depending on the situation, an extension may choose to log to
:meth:`app.logger <flask.Flask.logger>` or its own named logger. Consult each
extension's documentation for details.

35
docs/patterns/appfactories.rst

@ -6,7 +6,7 @@ Application Factories
If you are already using packages and blueprints for your application If you are already using packages and blueprints for your application
(:ref:`blueprints`) there are a couple of really nice ways to further improve (:ref:`blueprints`) there are a couple of really nice ways to further improve
the experience. A common pattern is creating the application object when the experience. A common pattern is creating the application object when
the blueprint is imported. But if you move the creation of this object, the blueprint is imported. But if you move the creation of this object
into a function, you can then create multiple instances of this app later. into a function, you can then create multiple instances of this app later.
So why would you want to do this? So why would you want to do this?
@ -60,7 +60,7 @@ Factories & Extensions
It's preferable to create your extensions and app factories so that the It's preferable to create your extensions and app factories so that the
extension object does not initially get bound to the application. extension object does not initially get bound to the application.
Using `Flask-SQLAlchemy <http://pythonhosted.org/Flask-SQLAlchemy/>`_, Using `Flask-SQLAlchemy <http://flask-sqlalchemy.pocoo.org/>`_,
as an example, you should not do something along those lines:: as an example, you should not do something along those lines::
def create_app(config_filename): def create_app(config_filename):
@ -89,28 +89,29 @@ For more information about the design of extensions refer to :doc:`/extensiondev
Using Applications Using Applications
------------------ ------------------
So to use such an application you then have to create the application To run such an application, you can use the :command:`flask` command::
first in a separate file otherwise the :command:`flask` command won't be able
to find it. Here an example :file:`exampleapp.py` file that creates such
an application::
from yourapplication import create_app export FLASK_APP=myapp
app = create_app('/path/to/config.cfg') flask run
It can then be used with the :command:`flask` command:: Flask will automatically detect the factory (``create_app`` or ``make_app``)
in ``myapp``. You can also pass arguments to the factory like this::
export FLASK_APP=exampleapp export FLASK_APP="myapp:create_app('dev')"
flask run flask run
Then the ``create_app`` factory in ``myapp`` is called with the string
``'dev'`` as the argument. See :doc:`/cli` for more detail.
Factory Improvements Factory Improvements
-------------------- --------------------
The factory function from above is not very clever so far, you can improve The factory function above is not very clever, but you can improve it.
it. The following changes are straightforward and possible: The following changes are straightforward to implement:
1. make it possible to pass in configuration values for unittests so that 1. Make it possible to pass in configuration values for unit tests so that
you don't have to create config files on the filesystem you don't have to create config files on the filesystem.
2. call a function from a blueprint when the application is setting up so 2. Call a function from a blueprint when the application is setting up so
that you have a place to modify attributes of the application (like that you have a place to modify attributes of the application (like
hooking in before / after request handlers etc.) hooking in before/after request handlers etc.)
3. Add in WSGI middlewares when the application is creating if necessary. 3. Add in WSGI middlewares when the application is being created if necessary.

80
docs/patterns/celery.rst

@ -1,24 +1,27 @@
Celery Based Background Tasks Celery Background Tasks
============================= =======================
Celery is a task queue for Python with batteries included. It used to If your application has a long running task, such as processing some uploaded
have a Flask integration but it became unnecessary after some data or sending email, you don't want to wait for it to finish during a
restructuring of the internals of Celery with Version 3. This guide fills request. Instead, use a task queue to send the necessary data to another
in the blanks in how to properly use Celery with Flask but assumes that process that will run the task in the background while the request returns
you generally already read the `First Steps with Celery immediately.
<http://docs.celeryproject.org/en/latest/getting-started/first-steps-with-celery.html>`_
guide in the official Celery documentation.
Installing Celery Celery is a powerful task queue that can be used for simple background tasks
----------------- as well as complex multi-stage programs and schedules. This guide will show you
how to configure Celery using Flask, but assumes you've already read the
`First Steps with Celery <http://docs.celeryproject.org/en/latest/getting-started/first-steps-with-celery.html>`_
guide in the Celery documentation.
Celery is on the Python Package Index (PyPI), so it can be installed with Install
standard Python tools like :command:`pip` or :command:`easy_install`:: -------
Celery is a separate Python package. Install it from PyPI using pip::
$ pip install celery $ pip install celery
Configuring Celery Configure
------------------ ---------
The first thing you need is a Celery instance, this is called the celery The first thing you need is a Celery instance, this is called the celery
application. It serves the same purpose as the :class:`~flask.Flask` application. It serves the same purpose as the :class:`~flask.Flask`
@ -36,15 +39,18 @@ This is all that is necessary to properly integrate Celery with Flask::
from celery import Celery from celery import Celery
def make_celery(app): def make_celery(app):
celery = Celery(app.import_name, backend=app.config['CELERY_RESULT_BACKEND'], celery = Celery(
broker=app.config['CELERY_BROKER_URL']) app.import_name,
backend=app.config['CELERY_RESULT_BACKEND'],
broker=app.config['CELERY_BROKER_URL']
)
celery.conf.update(app.config) celery.conf.update(app.config)
TaskBase = celery.Task
class ContextTask(TaskBase): class ContextTask(celery.Task):
abstract = True
def __call__(self, *args, **kwargs): def __call__(self, *args, **kwargs):
with app.app_context(): with app.app_context():
return TaskBase.__call__(self, *args, **kwargs) return self.run(*args, **kwargs)
celery.Task = ContextTask celery.Task = ContextTask
return celery return celery
@ -53,11 +59,12 @@ from the application config, updates the rest of the Celery config from
the Flask config and then creates a subclass of the task that wraps the the Flask config and then creates a subclass of the task that wraps the
task execution in an application context. task execution in an application context.
Minimal Example An example task
--------------- ---------------
With what we have above this is the minimal example of using Celery with Let's write a task that adds two numbers together and returns the result. We
Flask:: configure Celery's broker and backend to use Redis, create a ``celery``
application using the factor from above, and then use it to define the task. ::
from flask import Flask from flask import Flask
@ -68,26 +75,27 @@ Flask::
) )
celery = make_celery(flask_app) celery = make_celery(flask_app)
@celery.task() @celery.task()
def add_together(a, b): def add_together(a, b):
return a + b return a + b
This task can now be called in the background: This task can now be called in the background::
>>> result = add_together.delay(23, 42) result = add_together.delay(23, 42)
>>> result.wait() result.wait() # 65
65
Running the Celery Worker Run a worker
------------------------- ------------
Now if you jumped in and already executed the above code you will be If you jumped in and already executed the above code you will be
disappointed to learn that your ``.wait()`` will never actually return. disappointed to learn that ``.wait()`` will never actually return.
That's because you also need to run celery. You can do that by running That's because you also need to run a Celery worker to receive and execute the
celery as a worker:: task. ::
$ celery -A your_application.celery worker $ celery -A your_application.celery worker
The ``your_application`` string has to point to your application's package The ``your_application`` string has to point to your application's package
or module that creates the `celery` object. or module that creates the ``celery`` object.
Now that the worker is running, ``wait`` will return the result once the task
is finished.

82
docs/patterns/deferredcallbacks.rst

@ -3,71 +3,43 @@
Deferred Request Callbacks Deferred Request Callbacks
========================== ==========================
One of the design principles of Flask is that response objects are created One of the design principles of Flask is that response objects are created and
and passed down a chain of potential callbacks that can modify them or passed down a chain of potential callbacks that can modify them or replace
replace them. When the request handling starts, there is no response them. When the request handling starts, there is no response object yet. It is
object yet. It is created as necessary either by a view function or by created as necessary either by a view function or by some other component in
some other component in the system. the system.
But what happens if you want to modify the response at a point where the What happens if you want to modify the response at a point where the response
response does not exist yet? A common example for that would be a does not exist yet? A common example for that would be a
before-request function that wants to set a cookie on the response object. :meth:`~flask.Flask.before_request` callback that wants to set a cookie on the
response object.
One way is to avoid the situation. Very often that is possible. For
instance you can try to move that logic into an after-request callback One way is to avoid the situation. Very often that is possible. For instance
instead. Sometimes however moving that code there is just not a very you can try to move that logic into a :meth:`~flask.Flask.after_request`
pleasant experience or makes code look very awkward. callback instead. However, sometimes moving code there makes it more
more complicated or awkward to reason about.
As an alternative possibility you can attach a bunch of callback functions
to the :data:`~flask.g` object and call them at the end of the request. As an alternative, you can use :func:`~flask.after_this_request` to register
This way you can defer code execution from anywhere in the application. callbacks that will execute after only the current request. This way you can
defer code execution from anywhere in the application, based on the current
request.
The Decorator
-------------
The following decorator is the key. It registers a function on a list on
the :data:`~flask.g` object::
from flask import g
def after_this_request(f):
if not hasattr(g, 'after_request_callbacks'):
g.after_request_callbacks = []
g.after_request_callbacks.append(f)
return f
Calling the Deferred
--------------------
Now you can use the `after_this_request` decorator to mark a function to
be called at the end of the request. But we still need to call them. For
this the following function needs to be registered as
:meth:`~flask.Flask.after_request` callback::
@app.after_request
def call_after_request_callbacks(response):
for callback in getattr(g, 'after_request_callbacks', ()):
callback(response)
return response
A Practical Example
-------------------
At any time during a request, we can register a function to be called at the At any time during a request, we can register a function to be called at the
end of the request. For example you can remember the current language of the end of the request. For example you can remember the current language of the
user in a cookie in the before-request function:: user in a cookie in a :meth:`~flask.Flask.before_request` callback::
from flask import request from flask import request, after_this_request
@app.before_request @app.before_request
def detect_user_language(): def detect_user_language():
language = request.cookies.get('user_lang') language = request.cookies.get('user_lang')
if language is None: if language is None:
language = guess_language_from_request() language = guess_language_from_request()
# when the response exists, set a cookie with the language
@after_this_request @after_this_request
def remember_language(response): def remember_language(response):
response.set_cookie('user_lang', language) response.set_cookie('user_lang', language)
g.language = language g.language = language

8
docs/patterns/distribute.rst

@ -88,15 +88,15 @@ support them and they make debugging a lot harder.
Tagging Builds Tagging Builds
-------------- --------------
It is useful to distinguish between release and development builds. Add a It is useful to distinguish between release and development builds. Add a
:file:`setup.cfg` file to configure these options. :file:`setup.cfg` file to configure these options. ::
[egg_info] [egg_info]
tag_build = .dev tag_build = .dev
tag_date = 1 tag_date = 1
[aliases] [aliases]
release = egg_info -RDb '' release = egg_info -Db ''
Running ``python setup.py sdist`` will create a development package Running ``python setup.py sdist`` will create a development package
with ".dev" and the current date appended: ``flaskr-1.0.dev20160314.tar.gz``. with ".dev" and the current date appended: ``flaskr-1.0.dev20160314.tar.gz``.
@ -174,4 +174,4 @@ the code without having to run ``install`` again after each change.
.. _pip: https://pypi.python.org/pypi/pip .. _pip: https://pypi.python.org/pypi/pip
.. _Setuptools: https://pythonhosted.org/setuptools .. _Setuptools: https://pypi.python.org/pypi/setuptools

54
docs/patterns/errorpages.rst

@ -47,37 +47,53 @@ even if the application behaves correctly:
Error Handlers Error Handlers
-------------- --------------
An error handler is a function, just like a view function, but it is An error handler is a function that returns a response when a type of error is
called when an error happens and is passed that error. The error is most raised, similar to how a view is a function that returns a response when a
likely a :exc:`~werkzeug.exceptions.HTTPException`, but in one case it request URL is matched. It is passed the instance of the error being handled,
can be a different error: a handler for internal server errors will be which is most likely a :exc:`~werkzeug.exceptions.HTTPException`. An error
passed other exception instances as well if they are uncaught. handler for "500 Internal Server Error" will be passed uncaught exceptions in
addition to explicit 500 errors.
An error handler is registered with the :meth:`~flask.Flask.errorhandler` An error handler is registered with the :meth:`~flask.Flask.errorhandler`
decorator and the error code of the exception. Keep in mind that Flask decorator or the :meth:`~flask.Flask.register_error_handler` method. A handler
will *not* set the error code for you, so make sure to also provide the can be registered for a status code, like 404, or for an exception class.
HTTP status code when returning a response.
Please note that if you add an error handler for "500 Internal Server The status code of the response will not be set to the handler's code. Make
Error", Flask will not trigger it if it's running in Debug mode. sure to provide the appropriate HTTP status code when returning a response from
a handler.
Here an example implementation for a "404 Page Not Found" exception:: A handler for "500 Internal Server Error" will not be used when running in
debug mode. Instead, the interactive debugger will be shown.
Here is an example implementation for a "404 Page Not Found" exception::
from flask import render_template from flask import render_template
@app.errorhandler(404) @app.errorhandler(404)
def page_not_found(e): def page_not_found(e):
# note that we set the 404 status explicitly
return render_template('404.html'), 404 return render_template('404.html'), 404
When using the :ref:`application factory pattern <app-factories>`::
from flask import Flask, render_template
def page_not_found(e):
return render_template('404.html'), 404
def create_app(config_filename):
app = Flask(__name__)
app.register_error_handler(404, page_not_found)
return app
An example template might be this: An example template might be this:
.. sourcecode:: html+jinja .. sourcecode:: html+jinja
{% extends "layout.html" %} {% extends "layout.html" %}
{% block title %}Page Not Found{% endblock %} {% block title %}Page Not Found{% endblock %}
{% block body %} {% block body %}
<h1>Page Not Found</h1> <h1>Page Not Found</h1>
<p>What you were looking for is just not there. <p>What you were looking for is just not there.
<p><a href="{{ url_for('index') }}">go somewhere nice</a> <p><a href="{{ url_for('index') }}">go somewhere nice</a>
{% endblock %} {% endblock %}

2
docs/patterns/favicon.rst

@ -49,5 +49,5 @@ web server's documentation.
See also See also
-------- --------
* The `Favicon <http://en.wikipedia.org/wiki/Favicon>`_ article on * The `Favicon <https://en.wikipedia.org/wiki/Favicon>`_ article on
Wikipedia Wikipedia

16
docs/patterns/fileuploads.rst

@ -21,7 +21,7 @@ specific upload folder and displays a file to the user. Let's look at the
bootstrapping code for our application:: bootstrapping code for our application::
import os import os
from flask import Flask, request, redirect, url_for from flask import Flask, flash, request, redirect, url_for
from werkzeug.utils import secure_filename from werkzeug.utils import secure_filename
UPLOAD_FOLDER = '/path/to/the/uploads' UPLOAD_FOLDER = '/path/to/the/uploads'
@ -58,22 +58,22 @@ the file and redirects the user to the URL for the uploaded file::
return redirect(request.url) return redirect(request.url)
file = request.files['file'] file = request.files['file']
# if user does not select file, browser also # if user does not select file, browser also
# submit a empty part without filename # submit an empty part without filename
if file.filename == '': if file.filename == '':
flash('No selected file') flash('No selected file')
return redirect(request.url) return redirect(request.url)
if file and allowed_file(file.filename): if file and allowed_file(file.filename):
filename = secure_filename(file.filename) filename = secure_filename(file.filename)
file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename)) file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
return redirect(url_for('uploaded_file', return redirect(url_for('upload_file',
filename=filename)) filename=filename))
return ''' return '''
<!doctype html> <!doctype html>
<title>Upload new File</title> <title>Upload new File</title>
<h1>Upload new File</h1> <h1>Upload new File</h1>
<form method=post enctype=multipart/form-data> <form method=post enctype=multipart/form-data>
<p><input type=file name=file> <input type=file name=file>
<input type=submit value=Upload> <input type=submit value=Upload>
</form> </form>
''' '''
@ -149,8 +149,8 @@ config key::
app = Flask(__name__) app = Flask(__name__)
app.config['MAX_CONTENT_LENGTH'] = 16 * 1024 * 1024 app.config['MAX_CONTENT_LENGTH'] = 16 * 1024 * 1024
The code above will limited the maximum allowed payload to 16 megabytes. The code above will limit the maximum allowed payload to 16 megabytes.
If a larger file is transmitted, Flask will raise an If a larger file is transmitted, Flask will raise a
:exc:`~werkzeug.exceptions.RequestEntityTooLarge` exception. :exc:`~werkzeug.exceptions.RequestEntityTooLarge` exception.
This feature was added in Flask 0.6 but can be achieved in older versions This feature was added in Flask 0.6 but can be achieved in older versions
@ -181,4 +181,4 @@ applications dealing with uploads, there is also a Flask extension called
blacklisting of extensions and more. blacklisting of extensions and more.
.. _jQuery: https://jquery.com/ .. _jQuery: https://jquery.com/
.. _Flask-Uploads: http://pythonhosted.org/Flask-Uploads/ .. _Flask-Uploads: https://pythonhosted.org/Flask-Uploads/

2
docs/patterns/flashing.rst

@ -22,7 +22,7 @@ So here is a full example::
request, url_for request, url_for
app = Flask(__name__) app = Flask(__name__)
app.secret_key = 'some_secret' app.secret_key = b'_5#y2L"F4Q8z\n\xec]/'
@app.route('/') @app.route('/')
def index(): def index():

11
docs/patterns/packages.rst

@ -17,6 +17,10 @@ this::
login.html login.html
... ...
If you find yourself stuck on something, feel free
to take a look at the source code for this example.
You'll find `the full src for this example here`_.
Simple Packages Simple Packages
--------------- ---------------
@ -61,10 +65,10 @@ that tells Flask where to find the application instance::
export FLASK_APP=yourapplication export FLASK_APP=yourapplication
If you are outside of the project directory make sure to provide the exact If you are outside of the project directory make sure to provide the exact
path to your application directory. Similiarly you can turn on "debug path to your application directory. Similarly you can turn on the
mode" with this environment variable:: development features like this::
export FLASK_DEBUG=true export FLASK_ENV=development
In order to install and run the application you need to issue the following In order to install and run the application you need to issue the following
commands:: commands::
@ -130,6 +134,7 @@ You should then end up with something like that::
.. _working-with-modules: .. _working-with-modules:
.. _the full src for this example here: https://github.com/pallets/flask/tree/master/examples/patterns/largerapp
Working with Blueprints Working with Blueprints
----------------------- -----------------------

10
docs/patterns/sqlalchemy.rst

@ -22,7 +22,7 @@ if you want to get started quickly.
You can download `Flask-SQLAlchemy`_ from `PyPI You can download `Flask-SQLAlchemy`_ from `PyPI
<https://pypi.python.org/pypi/Flask-SQLAlchemy>`_. <https://pypi.python.org/pypi/Flask-SQLAlchemy>`_.
.. _Flask-SQLAlchemy: http://pythonhosted.org/Flask-SQLAlchemy/ .. _Flask-SQLAlchemy: http://flask-sqlalchemy.pocoo.org/
Declarative Declarative
@ -108,9 +108,9 @@ Querying is simple as well:
>>> User.query.filter(User.name == 'admin').first() >>> User.query.filter(User.name == 'admin').first()
<User u'admin'> <User u'admin'>
.. _SQLAlchemy: http://www.sqlalchemy.org/ .. _SQLAlchemy: https://www.sqlalchemy.org/
.. _declarative: .. _declarative:
http://docs.sqlalchemy.org/en/latest/orm/extensions/declarative/ https://docs.sqlalchemy.org/en/latest/orm/extensions/declarative/
Manual Object Relational Mapping Manual Object Relational Mapping
-------------------------------- --------------------------------
@ -135,7 +135,7 @@ Here is an example :file:`database.py` module for your application::
def init_db(): def init_db():
metadata.create_all(bind=engine) metadata.create_all(bind=engine)
As for the declarative approach you need to close the session after As in the declarative approach, you need to close the session after
each request or application context shutdown. Put this into your each request or application context shutdown. Put this into your
application module:: application module::
@ -215,4 +215,4 @@ You can also pass strings of SQL statements to the
(1, u'admin', u'admin@localhost') (1, u'admin', u'admin@localhost')
For more information about SQLAlchemy, head over to the For more information about SQLAlchemy, head over to the
`website <http://www.sqlalchemy.org/>`_. `website <https://www.sqlalchemy.org/>`_.

4
docs/patterns/sqlite3.rst

@ -67,7 +67,7 @@ the application context by hand::
Easy Querying Easy Querying
------------- -------------
Now in each request handling function you can access `g.db` to get the Now in each request handling function you can access `get_db()` to get the
current open database connection. To simplify working with SQLite, a current open database connection. To simplify working with SQLite, a
row factory function is useful. It is executed for every result returned row factory function is useful. It is executed for every result returned
from the database to convert the result. For instance, in order to get from the database to convert the result. For instance, in order to get
@ -131,7 +131,7 @@ To pass variable parts to the SQL statement, use a question mark in the
statement and pass in the arguments as a list. Never directly add them to statement and pass in the arguments as a list. Never directly add them to
the SQL statement with string formatting because this makes it possible the SQL statement with string formatting because this makes it possible
to attack the application using `SQL Injections to attack the application using `SQL Injections
<http://en.wikipedia.org/wiki/SQL_injection>`_. <https://en.wikipedia.org/wiki/SQL_injection>`_.
Initial Schemas Initial Schemas
--------------- ---------------

2
docs/patterns/wtforms.rst

@ -19,7 +19,7 @@ forms.
fun. You can get it from `PyPI fun. You can get it from `PyPI
<https://pypi.python.org/pypi/Flask-WTF>`_. <https://pypi.python.org/pypi/Flask-WTF>`_.
.. _Flask-WTF: http://pythonhosted.org/Flask-WTF/ .. _Flask-WTF: https://flask-wtf.readthedocs.io/en/stable/
The Forms The Forms
--------- ---------

23
docs/python3.rst

@ -1,23 +0,0 @@
.. _python3-support:
Python 3 Support
================
Flask, its dependencies, and most Flask extensions support Python 3.
You should start using Python 3 for your next project,
but there are a few things to be aware of.
You need to use Python 3.3 or higher. 3.2 and older are *not* supported.
You should use the latest versions of all Flask-related packages.
Flask 0.10 and Werkzeug 0.9 were the first versions to introduce Python 3 support.
Python 3 changed how unicode and bytes are handled, which complicates how low
level code handles HTTP data. This mainly affects WSGI middleware interacting
with the WSGI ``environ`` data. Werkzeug wraps that information in high-level
helpers, so encoding issues should not affect you.
The majority of the upgrade work is in the lower-level libraries like
Flask and Werkzeug, not the high-level application code.
For example, all of the examples in the Flask repository work on both Python 2 and 3
and did not require a single line of code changed.

309
docs/quickstart.rst

@ -50,7 +50,14 @@ to tell your terminal the application to work with by exporting the
$ flask run $ flask run
* Running on http://127.0.0.1:5000/ * Running on http://127.0.0.1:5000/
If you are on Windows you need to use ``set`` instead of ``export``. If you are on Windows, the environment variable syntax depends on command line
interpreter. On Command Prompt::
C:\path\to\app>set FLASK_APP=hello.py
And on PowerShell::
PS C:\path\to\app> $env:FLASK_APP = "hello.py"
Alternatively you can use :command:`python -m flask`:: Alternatively you can use :command:`python -m flask`::
@ -123,13 +130,14 @@ That is not very nice and Flask can do better. If you enable debug
support the server will reload itself on code changes, and it will also support the server will reload itself on code changes, and it will also
provide you with a helpful debugger if things go wrong. provide you with a helpful debugger if things go wrong.
To enable debug mode you can export the ``FLASK_DEBUG`` environment variable To enable all development features (including debug mode) you can export
the ``FLASK_ENV`` environment variable and set it to ``development``
before running the server:: before running the server::
$ export FLASK_DEBUG=1 $ export FLASK_ENV=development
$ flask run $ flask run
(On Windows you need to use ``set`` instead of ``export``). (On Windows you need to use ``set`` instead of ``export``.)
This does the following things: This does the following things:
@ -137,6 +145,9 @@ This does the following things:
2. it activates the automatic reloader 2. it activates the automatic reloader
3. it enables the debug mode on the Flask application. 3. it enables the debug mode on the Flask application.
You can also control debug mode separately from the environment by
exporting ``FLASK_DEBUG=1``.
There are more parameters that are explained in the :ref:`server` docs. There are more parameters that are explained in the :ref:`server` docs.
.. admonition:: Attention .. admonition:: Attention
@ -153,20 +164,22 @@ Screenshot of the debugger in action:
:class: screenshot :class: screenshot
:alt: screenshot of debugger in action :alt: screenshot of debugger in action
More information on using the debugger can be found in the `Werkzeug
documentation`_.
.. _Werkzeug documentation: http://werkzeug.pocoo.org/docs/debug/#using-the-debugger
Have another debugger in mind? See :ref:`working-with-debuggers`. Have another debugger in mind? See :ref:`working-with-debuggers`.
Routing Routing
------- -------
Modern web applications have beautiful URLs. This helps people remember Modern web applications use meaningful URLs to help users. Users are more
the URLs, which is especially handy for applications that are used from likely to like a page and come back if the page uses a meaningful URL they can
mobile devices with slower network connections. If the user can directly remember and use to directly visit a page.
go to the desired page without having to hit the index page it is more
likely they will like the page and come back next time.
As you have seen above, the :meth:`~flask.Flask.route` decorator is used to Use the :meth:`~flask.Flask.route` decorator to bind a function to a URL. ::
bind a function to a URL. Here are some basic examples::
@app.route('/') @app.route('/')
def index(): def index():
@ -176,16 +189,16 @@ bind a function to a URL. Here are some basic examples::
def hello(): def hello():
return 'Hello, World' return 'Hello, World'
But there is more to it! You can make certain parts of the URL dynamic and You can do more! You can make parts of the URL dynamic and attach multiple
attach multiple rules to a function. rules to a function.
Variable Rules Variable Rules
`````````````` ``````````````
To add variable parts to a URL you can mark these special sections as You can add variable sections to a URL by marking sections with
``<variable_name>``. Such a part is then passed as a keyword argument to your ``<variable_name>``. Your function then receives the ``<variable_name>``
function. Optionally a converter can be used by specifying a rule with as a keyword argument. Optionally, you can use a converter to specify the type
``<converter:variable_name>``. Here are some nice examples:: of the argument like ``<converter:variable_name>``. ::
@app.route('/user/<username>') @app.route('/user/<username>')
def show_user_profile(username): def show_user_profile(username):
@ -197,177 +210,124 @@ function. Optionally a converter can be used by specifying a rule with
# show the post with the given id, the id is an integer # show the post with the given id, the id is an integer
return 'Post %d' % post_id return 'Post %d' % post_id
The following converters exist: @app.route('/path/<path:subpath>')
def show_subpath(subpath):
=========== =============================================== # show the subpath after /path/
`string` accepts any text without a slash (the default) return 'Subpath %s' % subpath
`int` accepts integers
`float` like ``int`` but for floating point values
`path` like the default but also accepts slashes
`any` matches one of the items provided
`uuid` accepts UUID strings
=========== ===============================================
.. admonition:: Unique URLs / Redirection Behavior Converter types:
Flask's URL rules are based on Werkzeug's routing module. The idea ========== ==========================================
behind that module is to ensure beautiful and unique URLs based on ``string`` (default) accepts any text without a slash
precedents laid down by Apache and earlier HTTP servers. ``int`` accepts positive integers
``float`` accepts positive floating point values
``path`` like ``string`` but also accepts slashes
``uuid`` accepts UUID strings
========== ==========================================
Take these two rules:: Unique URLs / Redirection Behavior
``````````````````````````````````
@app.route('/projects/') Take these two rules::
def projects():
return 'The project page'
@app.route('/about') @app.route('/projects/')
def about(): def projects():
return 'The about page' return 'The project page'
Though they look rather similar, they differ in their use of the trailing @app.route('/about')
slash in the URL *definition*. In the first case, the canonical URL for the def about():
``projects`` endpoint has a trailing slash. In that sense, it is similar to return 'The about page'
a folder on a filesystem. Accessing it without a trailing slash will cause
Flask to redirect to the canonical URL with the trailing slash.
In the second case, however, the URL is defined without a trailing slash, Though they look similar, they differ in their use of the trailing slash in
rather like the pathname of a file on UNIX-like systems. Accessing the URL the URL. In the first case, the canonical URL for the ``projects`` endpoint
with a trailing slash will produce a 404 "Not Found" error. uses a trailing slash. It's similar to a folder in a file system; if you
access the URL without a trailing slash, Flask redirects you to the
canonical URL with the trailing slash.
This behavior allows relative URLs to continue working even if the trailing In the second case, however, the URL definition lacks a trailing slash,
slash is omitted, consistent with how Apache and other servers work. Also, like the pathname of a file on UNIX-like systems. Accessing the URL with a
the URLs will stay unique, which helps search engines avoid indexing the trailing slash produces a 404 “Not Found” error.
same page twice.
This behavior allows relative URLs to continue working even if the trailing
slash is omitted, consistent with how Apache and other servers work. Also,
the URLs will stay unique, which helps search engines avoid indexing the
same page twice.
.. _url-building: .. _url-building:
URL Building URL Building
```````````` ````````````
If it can match URLs, can Flask also generate them? Of course it can. To To build a URL to a specific function, use the :func:`~flask.url_for` function.
build a URL to a specific function you can use the :func:`~flask.url_for` It accepts the name of the function as its first argument and any number of
function. It accepts the name of the function as first argument and a number keyword arguments, each corresponding to a variable part of the URL rule.
of keyword arguments, each corresponding to the variable part of the URL rule. Unknown variable parts are appended to the URL as query parameters.
Unknown variable parts are appended to the URL as query parameters. Here are
some examples::
>>> from flask import Flask, url_for
>>> app = Flask(__name__)
>>> @app.route('/')
... def index(): pass
...
>>> @app.route('/login')
... def login(): pass
...
>>> @app.route('/user/<username>')
... def profile(username): pass
...
>>> with app.test_request_context():
... print url_for('index')
... print url_for('login')
... print url_for('login', next='/')
... print url_for('profile', username='John Doe')
...
/
/login
/login?next=/
/user/John%20Doe
(This also uses the :meth:`~flask.Flask.test_request_context` method, explained
below. It tells Flask to behave as though it is handling a request, even
though we are interacting with it through a Python shell. Have a look at the
explanation below. :ref:`context-locals`).
Why would you want to build URLs using the URL reversing function Why would you want to build URLs using the URL reversing function
:func:`~flask.url_for` instead of hard-coding them into your templates? :func:`~flask.url_for` instead of hard-coding them into your templates?
There are three good reasons for this:
1. Reversing is often more descriptive than hard-coding the URLs. More 1. Reversing is often more descriptive than hard-coding the URLs.
importantly, it allows you to change URLs in one go, without having to 2. You can change your URLs in one go instead of needing to remember to
remember to change URLs all over the place. manually change hard-coded URLs.
2. URL building will handle escaping of special characters and Unicode 3. URL building handles escaping of special characters and Unicode data
data transparently for you, so you don't have to deal with them. transparently.
3. If your application is placed outside the URL root - say, in 4. If your application is placed outside the URL root, for example, in
``/myapplication`` instead of ``/`` - :func:`~flask.url_for` will handle ``/myapplication`` instead of ``/``, :func:`~flask.url_for` properly
that properly for you. handles that for you.
For example, here we use the :meth:`~flask.Flask.test_request_context` method
to try out :func:`~flask.url_for`. :meth:`~flask.Flask.test_request_context`
tells Flask to behave as though it's handling a request even while we use a
Python shell. See :ref:`context-locals`. ::
from flask import Flask, url_for
app = Flask(__name__)
@app.route('/')
def index():
return 'index'
@app.route('/login')
def login():
return 'login'
@app.route('/user/<username>')
def profile(username):
return '{}'s profile'.format(username)
with app.test_request_context():
print(url_for('index'))
print(url_for('login'))
print(url_for('login', next='/'))
print(url_for('profile', username='John Doe'))
/
/login
/login?next=/
/user/John%20Doe
HTTP Methods HTTP Methods
```````````` ````````````
HTTP (the protocol web applications are speaking) knows different methods for Web applications use different HTTP methods when accessing URLs. You should
accessing URLs. By default, a route only answers to ``GET`` requests, but that familiarize yourself with the HTTP methods as you work with Flask. By default,
can be changed by providing the ``methods`` argument to the a route only answers to ``GET`` requests. You can use the ``methods`` argument
:meth:`~flask.Flask.route` decorator. Here are some examples:: of the :meth:`~flask.Flask.route` decorator to handle different HTTP methods.
::
from flask import request
@app.route('/login', methods=['GET', 'POST']) @app.route('/login', methods=['GET', 'POST'])
def login(): def login():
if request.method == 'POST': if request.method == 'POST':
do_the_login() return do_the_login()
else: else:
show_the_login_form() return show_the_login_form()
If ``GET`` is present, ``HEAD`` will be added automatically for you. You If ``GET`` is present, Flask automatically adds support for the ``HEAD`` method
don't have to deal with that. It will also make sure that ``HEAD`` requests and handles ``HEAD`` requests according to the the `HTTP RFC`_. Likewise,
are handled as the `HTTP RFC`_ (the document describing the HTTP ``OPTIONS`` is automatically implemented for you.
protocol) demands, so you can completely ignore that part of the HTTP
specification. Likewise, as of Flask 0.6, ``OPTIONS`` is implemented for you .. _HTTP RFC: https://www.ietf.org/rfc/rfc2068.txt
automatically as well.
You have no idea what an HTTP method is? Worry not, here is a quick
introduction to HTTP methods and why they matter:
The HTTP method (also often called "the verb") tells the server what the
client wants to *do* with the requested page. The following methods are
very common:
``GET``
The browser tells the server to just *get* the information stored on
that page and send it. This is probably the most common method.
``HEAD``
The browser tells the server to get the information, but it is only
interested in the *headers*, not the content of the page. An
application is supposed to handle that as if a ``GET`` request was
received but to not deliver the actual content. In Flask you don't
have to deal with that at all, the underlying Werkzeug library handles
that for you.
``POST``
The browser tells the server that it wants to *post* some new
information to that URL and that the server must ensure the data is
stored and only stored once. This is how HTML forms usually
transmit data to the server.
``PUT``
Similar to ``POST`` but the server might trigger the store procedure
multiple times by overwriting the old values more than once. Now you
might be asking why this is useful, but there are some good reasons
to do it this way. Consider that the connection is lost during
transmission: in this situation a system between the browser and the
server might receive the request safely a second time without breaking
things. With ``POST`` that would not be possible because it must only
be triggered once.
``DELETE``
Remove the information at the given location.
``OPTIONS``
Provides a quick way for a client to figure out which methods are
supported by this URL. Starting with Flask 0.6, this is implemented
for you automatically.
Now the interesting part is that in HTML4 and XHTML1, the only methods a
form can submit to the server are ``GET`` and ``POST``. But with JavaScript
and future HTML standards you can use the other methods as well. Furthermore
HTTP has become quite popular lately and browsers are no longer the only
clients that are using HTTP. For instance, many revision control systems
use it.
.. _HTTP RFC: http://www.ietf.org/rfc/rfc2068.txt
Static Files Static Files
------------ ------------
@ -538,16 +498,16 @@ The Request Object
`````````````````` ``````````````````
The request object is documented in the API section and we will not cover The request object is documented in the API section and we will not cover
it here in detail (see :class:`~flask.request`). Here is a broad overview of it here in detail (see :class:`~flask.Request`). Here is a broad overview of
some of the most common operations. First of all you have to import it from some of the most common operations. First of all you have to import it from
the ``flask`` module:: the ``flask`` module::
from flask import request from flask import request
The current request method is available by using the The current request method is available by using the
:attr:`~flask.request.method` attribute. To access form data (data :attr:`~flask.Request.method` attribute. To access form data (data
transmitted in a ``POST`` or ``PUT`` request) you can use the transmitted in a ``POST`` or ``PUT`` request) you can use the
:attr:`~flask.request.form` attribute. Here is a full example of the two :attr:`~flask.Request.form` attribute. Here is a full example of the two
attributes mentioned above:: attributes mentioned above::
@app.route('/login', methods=['POST', 'GET']) @app.route('/login', methods=['POST', 'GET'])
@ -570,7 +530,7 @@ error page is shown instead. So for many situations you don't have to
deal with that problem. deal with that problem.
To access parameters submitted in the URL (``?key=value``) you can use the To access parameters submitted in the URL (``?key=value``) you can use the
:attr:`~flask.request.args` attribute:: :attr:`~flask.Request.args` attribute::
searchword = request.args.get('key', '') searchword = request.args.get('key', '')
@ -579,7 +539,7 @@ We recommend accessing URL parameters with `get` or by catching the
bad request page in that case is not user friendly. bad request page in that case is not user friendly.
For a full list of methods and attributes of the request object, head over For a full list of methods and attributes of the request object, head over
to the :class:`~flask.request` documentation. to the :class:`~flask.Request` documentation.
File Uploads File Uploads
@ -768,6 +728,9 @@ sessions work::
app = Flask(__name__) app = Flask(__name__)
# Set the secret key to some random bytes. Keep this really secret!
app.secret_key = b'_5#y2L"F4Q8z\n\xec]/'
@app.route('/') @app.route('/')
def index(): def index():
if 'username' in session: if 'username' in session:
@ -792,24 +755,18 @@ sessions work::
session.pop('username', None) session.pop('username', None)
return redirect(url_for('index')) return redirect(url_for('index'))
# set the secret key. keep this really secret:
app.secret_key = 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT'
The :func:`~flask.escape` mentioned here does escaping for you if you are The :func:`~flask.escape` mentioned here does escaping for you if you are
not using the template engine (as in this example). not using the template engine (as in this example).
.. admonition:: How to generate good secret keys .. admonition:: How to generate good secret keys
The problem with random is that it's hard to judge what is truly random. And A secret key should be as random as possible. Your operating system has
a secret key should be as random as possible. Your operating system ways to generate pretty random data based on a cryptographic random
has ways to generate pretty random stuff based on a cryptographic generator. Use the following command to quickly generate a value for
random generator which can be used to get such a key:: :attr:`Flask.secret_key` (or :data:`SECRET_KEY`)::
>>> import os
>>> os.urandom(24)
'\xfd{H\xe5<\x95\xf9\xe3\x96.5\xd1\x01O<!\xd5\xa2\xa0\x9fR"\xa1\xa8'
Just take that thing and copy/paste it into your code and you're done. $ python -c 'import os; print(os.urandom(16))'
b'_5#y2L"F4Q8z\n\xec]/'
A note on cookie-based sessions: Flask will take the values you put into the A note on cookie-based sessions: Flask will take the values you put into the
session object and serialize them into a cookie. If you are finding some session object and serialize them into a cookie. If you are finding some

13
docs/reqcontext.rst

@ -119,8 +119,8 @@ understand what is actually happening. The new behavior is quite simple:
not executed yet or at all (for example in test environments sometimes not executed yet or at all (for example in test environments sometimes
you might want to not execute before-request callbacks). you might want to not execute before-request callbacks).
Now what happens on errors? In production mode if an exception is not Now what happens on errors? If you are not in debug mode and an exception is not
caught, the 500 internal server handler is called. In development mode caught, the 500 internal server handler is called. In debug mode
however the exception is not further processed and bubbles up to the WSGI however the exception is not further processed and bubbles up to the WSGI
server. That way things like the interactive debugger can provide helpful server. That way things like the interactive debugger can provide helpful
debug information. debug information.
@ -214,10 +214,11 @@ provide you with important information.
Starting with Flask 0.7 you have finer control over that behavior by Starting with Flask 0.7 you have finer control over that behavior by
setting the ``PRESERVE_CONTEXT_ON_EXCEPTION`` configuration variable. By setting the ``PRESERVE_CONTEXT_ON_EXCEPTION`` configuration variable. By
default it's linked to the setting of ``DEBUG``. If the application is in default it's linked to the setting of ``DEBUG``. If the application is in
debug mode the context is preserved, in production mode it's not. debug mode the context is preserved. If debug mode is set to off, the context
is not preserved.
Do not force activate ``PRESERVE_CONTEXT_ON_EXCEPTION`` in production mode Do not force activate ``PRESERVE_CONTEXT_ON_EXCEPTION`` if debug mode is set to off
as it will cause your application to leak memory on exceptions. However as it will cause your application to leak memory on exceptions. However,
it can be useful during development to get the same error preserving it can be useful during development to get the same error preserving
behavior as in development mode when attempting to debug an error that behavior as debug mode when attempting to debug an error that
only occurs under production settings. only occurs under production settings.

162
docs/security.rst

@ -15,7 +15,7 @@ it JavaScript) into the context of a website. To remedy this, developers
have to properly escape text so that it cannot include arbitrary HTML have to properly escape text so that it cannot include arbitrary HTML
tags. For more information on that have a look at the Wikipedia article tags. For more information on that have a look at the Wikipedia article
on `Cross-Site Scripting on `Cross-Site Scripting
<http://en.wikipedia.org/wiki/Cross-site_scripting>`_. <https://en.wikipedia.org/wiki/Cross-site_scripting>`_.
Flask configures Jinja2 to automatically escape all values unless Flask configures Jinja2 to automatically escape all values unless
explicitly told otherwise. This should rule out all XSS problems caused explicitly told otherwise. This should rule out all XSS problems caused
@ -38,7 +38,7 @@ either double or single quotes when using Jinja expressions in them:
.. sourcecode:: html+jinja .. sourcecode:: html+jinja
<a href="{{ href }}">the text</a> <input value="{{ value }}">
Why is this necessary? Because if you would not be doing that, an Why is this necessary? Because if you would not be doing that, an
attacker could easily inject custom JavaScript handlers. For example an attacker could easily inject custom JavaScript handlers. For example an
@ -46,15 +46,26 @@ attacker could inject this piece of HTML+JavaScript:
.. sourcecode:: html .. sourcecode:: html
onmouseover=alert(document.cookie) onmouseover=alert(document.cookie)
When the user would then move with the mouse over the link, the cookie When the user would then move with the mouse over the input, the cookie
would be presented to the user in an alert window. But instead of showing would be presented to the user in an alert window. But instead of showing
the cookie to the user, a good attacker might also execute any other the cookie to the user, a good attacker might also execute any other
JavaScript code. In combination with CSS injections the attacker might JavaScript code. In combination with CSS injections the attacker might
even make the element fill out the entire page so that the user would even make the element fill out the entire page so that the user would
just have to have the mouse anywhere on the page to trigger the attack. just have to have the mouse anywhere on the page to trigger the attack.
There is one class of XSS issues that Jinja's escaping does not protect
against. The ``a`` tag's ``href`` attribute can contain a `javascript:` URI,
which the browser will execute when clicked if not secured properly.
.. sourcecode:: html
<a href="{{ value }}">click here</a>
<a href="javascript:alert('unsafe');">click here</a>
To prevent this, you'll need to set the :ref:`security-csp` response header.
Cross-Site Request Forgery (CSRF) Cross-Site Request Forgery (CSRF)
--------------------------------- ---------------------------------
@ -104,3 +115,146 @@ vulnerabilities
<https://github.com/pallets/flask/issues/248#issuecomment-59934857>`_, so <https://github.com/pallets/flask/issues/248#issuecomment-59934857>`_, so
this behavior was changed and :func:`~flask.jsonify` now supports serializing this behavior was changed and :func:`~flask.jsonify` now supports serializing
arrays. arrays.
Security Headers
----------------
Browsers recognize various response headers in order to control security. We
recommend reviewing each of the headers below for use in your application.
The `Flask-Talisman`_ extension can be used to manage HTTPS and the security
headers for you.
.. _Flask-Talisman: https://github.com/GoogleCloudPlatform/flask-talisman
HTTP Strict Transport Security (HSTS)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Tells the browser to convert all HTTP requests to HTTPS, preventing
man-in-the-middle (MITM) attacks. ::
response.headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains'
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
.. _security-csp:
Content Security Policy (CSP)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Tell the browser where it can load various types of resource from. This header
should be used whenever possible, but requires some work to define the correct
policy for your site. A very strict policy would be::
response.headers['Content-Security-Policy'] = "default-src 'self'"
- https://csp.withgoogle.com/docs/index.html
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
X-Content-Type-Options
~~~~~~~~~~~~~~~~~~~~~~
Forces the browser to honor the response content type instead of trying to
detect it, which can be abused to generate a cross-site scripting (XSS)
attack. ::
response.headers['X-Content-Type-Options'] = 'nosniff'
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
X-Frame-Options
~~~~~~~~~~~~~~~
Prevents external sites from embedding your site in an ``iframe``. This
prevents a class of attacks where clicks in the outer frame can be translated
invisibly to clicks on your page's elements. This is also known as
"clickjacking". ::
response.headers['X-Frame-Options'] = 'SAMEORIGIN'
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
X-XSS-Protection
~~~~~~~~~~~~~~~~
The browser will try to prevent reflected XSS attacks by not loading the page
if the request contains something that looks like JavaScript and the response
contains the same data. ::
response.headers['X-XSS-Protection'] = '1; mode=block'
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
.. _security-cookie:
Set-Cookie options
~~~~~~~~~~~~~~~~~~
These options can be added to a ``Set-Cookie`` header to improve their
security. Flask has configuration options to set these on the session cookie.
They can be set on other cookies too.
- ``Secure`` limits cookies to HTTPS traffic only.
- ``HttpOnly`` protects the contents of cookies from being read with
JavaScript.
- ``SameSite`` restricts how cookies are sent with requests from
external sites. Can be set to ``'Lax'`` (recommended) or ``'Strict'``.
``Lax`` prevents sending cookies with CSRF-prone requests from
external sites, such as submitting a form. ``Strict`` prevents sending
cookies with all external requests, including following regular links.
::
app.config.update(
SESSION_COOKIE_SECURE=True,
SESSION_COOKIE_HTTPONLY=True,
SESSION_COOKIE_SAMESITE='Lax',
)
response.set_cookie('username', 'flask', secure=True, httponly=True, samesite='Lax')
Specifying ``Expires`` or ``Max-Age`` options, will remove the cookie after
the given time, or the current time plus the age, respectively. If neither
option is set, the cookie will be removed when the browser is closed. ::
# cookie expires after 10 minutes
response.set_cookie('snakes', '3', max_age=600)
For the session cookie, if :attr:`session.permanent <flask.session.permanent>`
is set, then :data:`PERMANENT_SESSION_LIFETIME` is used to set the expiration.
Flask's default cookie implementation validates that the cryptographic
signature is not older than this value. Lowering this value may help mitigate
replay attacks, where intercepted cookies can be sent at a later time. ::
app.config.update(
PERMANENT_SESSION_LIFETIME=600
)
@app.route('/login', methods=['POST'])
def login():
...
session.clear()
session['user_id'] = user.id
session.permanent = True
...
Use :class:`itsdangerous.TimedSerializer` to sign and validate other cookie
values (or any values that need secure signatures).
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie
.. _samesite_support: https://caniuse.com/#feat=same-site-cookie-attribute
HTTP Public Key Pinning (HPKP)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This tells the browser to authenticate with the server using only the specific
certificate key to prevent MITM attacks.
.. warning::
Be careful when enabling this, as it is very difficult to undo if you set up
or upgrade your key incorrectly.
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning

22
docs/server.rst

@ -12,23 +12,33 @@ but you can also continue using the :meth:`Flask.run` method.
Command Line Command Line
------------ ------------
The :command:`flask` command line script (:ref:`cli`) is strongly recommended for The :command:`flask` command line script (:ref:`cli`) is strongly
development because it provides a superior reload experience due to how it recommended for development because it provides a superior reload
loads the application. The basic usage is like this:: experience due to how it loads the application. The basic usage is like
this::
$ export FLASK_APP=my_application $ export FLASK_APP=my_application
$ export FLASK_DEBUG=1 $ export FLASK_ENV=development
$ flask run $ flask run
This will enable the debugger, the reloader and then start the server on This enables the development environment, including the interactive
debugger and reloader, and then starts the server on
*http://localhost:5000/*. *http://localhost:5000/*.
The individual features of the server can be controlled by passing more The individual features of the server can be controlled by passing more
arguments to the ``run`` option. For instance the reloader can be arguments to the ``run`` option. For instance the reloader can be
disabled:: disabled::
$ flask run --no-reload $ flask run --no-reload
.. note::
Prior to Flask 1.0 the :envvar:`FLASK_ENV` environment variable was
not supported and you needed to enable debug mode by exporting
``FLASK_DEBUG=1``. This can still be used to control debug mode, but
you should prefer setting the development environment as shown
above.
In Code In Code
------- -------

4
docs/signals.rst

@ -27,7 +27,7 @@ executed in undefined order and do not modify any data.
The big advantage of signals over handlers is that you can safely The big advantage of signals over handlers is that you can safely
subscribe to them for just a split second. These temporary subscribe to them for just a split second. These temporary
subscriptions are helpful for unittesting for example. Say you want to subscriptions are helpful for unit testing for example. Say you want to
know what templates were rendered as part of a request: signals allow you know what templates were rendered as part of a request: signals allow you
to do exactly that. to do exactly that.
@ -45,7 +45,7 @@ signal. When you subscribe to a signal, be sure to also provide a sender
unless you really want to listen for signals from all applications. This is unless you really want to listen for signals from all applications. This is
especially true if you are developing an extension. especially true if you are developing an extension.
For example, here is a helper context manager that can be used in a unittest For example, here is a helper context manager that can be used in a unit test
to determine which templates were rendered and what variables were passed to determine which templates were rendered and what variables were passed
to the template:: to the template::

2
docs/styleguide.rst

@ -167,7 +167,7 @@ Docstring conventions:
""" """
Module header: Module header:
The module header consists of an utf-8 encoding declaration (if non The module header consists of a utf-8 encoding declaration (if non
ASCII letters are used, but it is recommended all the time) and a ASCII letters are used, but it is recommended all the time) and a
standard docstring:: standard docstring::

2
docs/templating.rst

@ -1,3 +1,5 @@
.. _templates:
Templates Templates
========= =========

280
docs/testing.rst

@ -5,23 +5,30 @@ Testing Flask Applications
**Something that is untested is broken.** **Something that is untested is broken.**
The origin of this quote is unknown and while it is not entirely correct, it is also The origin of this quote is unknown and while it is not entirely correct, it
not far from the truth. Untested applications make it hard to is also not far from the truth. Untested applications make it hard to
improve existing code and developers of untested applications tend to improve existing code and developers of untested applications tend to
become pretty paranoid. If an application has automated tests, you can become pretty paranoid. If an application has automated tests, you can
safely make changes and instantly know if anything breaks. safely make changes and instantly know if anything breaks.
Flask provides a way to test your application by exposing the Werkzeug Flask provides a way to test your application by exposing the Werkzeug
test :class:`~werkzeug.test.Client` and handling the context locals for you. test :class:`~werkzeug.test.Client` and handling the context locals for you.
You can then use that with your favourite testing solution. In this documentation You can then use that with your favourite testing solution.
we will use the :mod:`unittest` package that comes pre-installed with Python.
In this documentation we will use the `pytest`_ package as the base
framework for our tests. You can install it with ``pip``, like so::
pip install pytest
.. _pytest:
https://pytest.org
The Application The Application
--------------- ---------------
First, we need an application to test; we will use the application from First, we need an application to test; we will use the application from
the :ref:`tutorial`. If you don't have that application yet, get the the :ref:`tutorial`. If you don't have that application yet, get the
sources from `the examples`_. source code from `the examples`_.
.. _the examples: .. _the examples:
https://github.com/pallets/flask/tree/master/examples/flaskr/ https://github.com/pallets/flask/tree/master/examples/flaskr/
@ -29,90 +36,91 @@ sources from `the examples`_.
The Testing Skeleton The Testing Skeleton
-------------------- --------------------
In order to test the application, we add a second module We begin by adding a tests directory under the application root. Then
(:file:`flaskr_tests.py`) and create a unittest skeleton there:: create a Python file to store our tests (:file:`test_flaskr.py`). When we
format the filename like ``test_*.py``, it will be auto-discoverable by
pytest.
Next, we create a `pytest fixture`_ called
:func:`client` that configures
the application for testing and initializes a new database.::
import os import os
import flaskr
import unittest
import tempfile import tempfile
class FlaskrTestCase(unittest.TestCase): import pytest
def setUp(self): from flaskr import flaskr
self.db_fd, flaskr.app.config['DATABASE'] = tempfile.mkstemp()
flaskr.app.config['TESTING'] = True
self.app = flaskr.app.test_client()
with flaskr.app.app_context():
flaskr.init_db()
def tearDown(self):
os.close(self.db_fd)
os.unlink(flaskr.app.config['DATABASE'])
if __name__ == '__main__': @pytest.fixture
unittest.main() def client():
db_fd, flaskr.app.config['DATABASE'] = tempfile.mkstemp()
flaskr.app.config['TESTING'] = True
client = flaskr.app.test_client()
with flaskr.app.app_context():
flaskr.init_db()
yield client
The code in the :meth:`~unittest.TestCase.setUp` method creates a new test os.close(db_fd)
client and initializes a new database. This function is called before os.unlink(flaskr.app.config['DATABASE'])
each individual test function is run. To delete the database after the
test, we close the file and remove it from the filesystem in the
:meth:`~unittest.TestCase.tearDown` method. Additionally during setup the
``TESTING`` config flag is activated. What it does is disable the error
catching during request handling so that you get better error reports when
performing test requests against the application.
This test client will give us a simple interface to the application. We can This client fixture will be called by each individual test. It gives us a
trigger test requests to the application, and the client will also keep track simple interface to the application, where we can trigger test requests to the
of cookies for us. application. The client will also keep track of cookies for us.
Because SQLite3 is filesystem-based we can easily use the tempfile module During setup, the ``TESTING`` config flag is activated. What
this does is disable error catching during request handling, so that
you get better error reports when performing test requests against the
application.
Because SQLite3 is filesystem-based, we can easily use the :mod:`tempfile` module
to create a temporary database and initialize it. The to create a temporary database and initialize it. The
:func:`~tempfile.mkstemp` function does two things for us: it returns a :func:`~tempfile.mkstemp` function does two things for us: it returns a
low-level file handle and a random file name, the latter we use as low-level file handle and a random file name, the latter we use as
database name. We just have to keep the `db_fd` around so that we can use database name. We just have to keep the `db_fd` around so that we can use
the :func:`os.close` function to close the file. the :func:`os.close` function to close the file.
To delete the database after the test, the fixture closes the file and removes
it from the filesystem.
If we now run the test suite, we should see the following output:: If we now run the test suite, we should see the following output::
$ python flaskr_tests.py $ pytest
---------------------------------------------------------------------- ================ test session starts ================
Ran 0 tests in 0.000s rootdir: ./flask/examples/flaskr, inifile: setup.cfg
collected 0 items
OK =========== no tests ran in 0.07 seconds ============
Even though it did not run any actual tests, we already know that our flaskr Even though it did not run any actual tests, we already know that our ``flaskr``
application is syntactically valid, otherwise the import would have died application is syntactically valid, otherwise the import would have died
with an exception. with an exception.
.. _pytest fixture:
https://docs.pytest.org/en/latest/fixture.html
The First Test The First Test
-------------- --------------
Now it's time to start testing the functionality of the application. Now it's time to start testing the functionality of the application.
Let's check that the application shows "No entries here so far" if we Let's check that the application shows "No entries here so far" if we
access the root of the application (``/``). To do this, we add a new access the root of the application (``/``). To do this, we add a new
test method to our class, like this:: test function to :file:`test_flaskr.py`, like this::
class FlaskrTestCase(unittest.TestCase):
def setUp(self):
self.db_fd, flaskr.app.config['DATABASE'] = tempfile.mkstemp()
self.app = flaskr.app.test_client()
flaskr.init_db()
def tearDown(self): def test_empty_db(client):
os.close(self.db_fd) """Start with a blank database."""
os.unlink(flaskr.app.config['DATABASE'])
def test_empty_db(self): rv = client.get('/')
rv = self.app.get('/') assert b'No entries here so far' in rv.data
assert b'No entries here so far' in rv.data
Notice that our test functions begin with the word `test`; this allows Notice that our test functions begin with the word `test`; this allows
:mod:`unittest` to automatically identify the method as a test to run. `pytest`_ to automatically identify the function as a test to run.
By using `self.app.get` we can send an HTTP ``GET`` request to the application with By using ``client.get`` we can send an HTTP ``GET`` request to the application with
the given path. The return value will be a :class:`~flask.Flask.response_class` object. the given path. The return value will be a :class:`~flask.Flask.response_class` object.
We can now use the :attr:`~werkzeug.wrappers.BaseResponse.data` attribute to inspect We can now use the :attr:`~werkzeug.wrappers.BaseResponse.data` attribute to inspect
the return value (as string) from the application. In this case, we ensure that the return value (as string) from the application. In this case, we ensure that
@ -120,12 +128,15 @@ the return value (as string) from the application. In this case, we ensure that
Run it again and you should see one passing test:: Run it again and you should see one passing test::
$ python flaskr_tests.py $ pytest -v
.
----------------------------------------------------------------------
Ran 1 test in 0.034s
OK ================ test session starts ================
rootdir: ./flask/examples/flaskr, inifile: setup.cfg
collected 1 items
tests/test_flaskr.py::test_empty_db PASSED
============= 1 passed in 0.10 seconds ==============
Logging In and Out Logging In and Out
------------------ ------------------
@ -136,39 +147,47 @@ of the application. To do this, we fire some requests to the login and logout
pages with the required form data (username and password). And because the pages with the required form data (username and password). And because the
login and logout pages redirect, we tell the client to `follow_redirects`. login and logout pages redirect, we tell the client to `follow_redirects`.
Add the following two methods to your `FlaskrTestCase` class:: Add the following two functions to your :file:`test_flaskr.py` file::
def login(client, username, password):
return client.post('/login', data=dict(
username=username,
password=password
), follow_redirects=True)
def login(self, username, password):
return self.app.post('/login', data=dict(
username=username,
password=password
), follow_redirects=True)
def logout(self): def logout(client):
return self.app.get('/logout', follow_redirects=True) return client.get('/logout', follow_redirects=True)
Now we can easily test that logging in and out works and that it fails with Now we can easily test that logging in and out works and that it fails with
invalid credentials. Add this new test to the class:: invalid credentials. Add this new test function::
def test_login_logout(self): def test_login_logout(client):
rv = self.login('admin', 'default') """Make sure login and logout works."""
assert b'You were logged in' in rv.data
rv = self.logout() rv = login(client, flaskr.app.config['USERNAME'], flaskr.app.config['PASSWORD'])
assert b'You were logged out' in rv.data assert b'You were logged in' in rv.data
rv = self.login('adminx', 'default')
assert b'Invalid username' in rv.data rv = logout(client)
rv = self.login('admin', 'defaultx') assert b'You were logged out' in rv.data
assert b'Invalid password' in rv.data
rv = login(client, flaskr.app.config['USERNAME'] + 'x', flaskr.app.config['PASSWORD'])
assert b'Invalid username' in rv.data
rv = login(client, flaskr.app.config['USERNAME'], flaskr.app.config['PASSWORD'] + 'x')
assert b'Invalid password' in rv.data
Test Adding Messages Test Adding Messages
-------------------- --------------------
We should also test that adding messages works. Add a new test method We should also test that adding messages works. Add a new test function
like this:: like this::
def test_messages(self): def test_messages(client):
self.login('admin', 'default') """Test that messages work."""
rv = self.app.post('/add', data=dict(
login(client, flaskr.app.config['USERNAME'], flaskr.app.config['PASSWORD'])
rv = client.post('/add', data=dict(
title='<Hello>', title='<Hello>',
text='<strong>HTML</strong> allowed here' text='<strong>HTML</strong> allowed here'
), follow_redirects=True) ), follow_redirects=True)
@ -181,22 +200,25 @@ which is the intended behavior.
Running that should now give us three passing tests:: Running that should now give us three passing tests::
$ python flaskr_tests.py $ pytest -v
...
---------------------------------------------------------------------- ================ test session starts ================
Ran 3 tests in 0.332s rootdir: ./flask/examples/flaskr, inifile: setup.cfg
collected 3 items
tests/test_flaskr.py::test_empty_db PASSED
tests/test_flaskr.py::test_login_logout PASSED
tests/test_flaskr.py::test_messages PASSED
OK ============= 3 passed in 0.23 seconds ==============
For more complex tests with headers and status codes, check out the For more complex tests with headers and status codes, check out the
`MiniTwit Example`_ from the sources which contains a larger test `MiniTwit Example`_ from the sources which contains a larger test
suite. suite.
.. _MiniTwit Example: .. _MiniTwit Example:
https://github.com/pallets/flask/tree/master/examples/minitwit/ https://github.com/pallets/flask/tree/master/examples/minitwit/
Other Testing Tricks Other Testing Tricks
-------------------- --------------------
@ -353,3 +375,81 @@ independently of the session backend used::
Note that in this case you have to use the ``sess`` object instead of the Note that in this case you have to use the ``sess`` object instead of the
:data:`flask.session` proxy. The object however itself will provide the :data:`flask.session` proxy. The object however itself will provide the
same interface. same interface.
Testing JSON APIs
-----------------
.. versionadded:: 1.0
Flask has great support for JSON, and is a popular choice for building JSON
APIs. Making requests with JSON data and examining JSON data in responses is
very convenient::
from flask import request, jsonify
@app.route('/api/auth')
def auth():
json_data = request.get_json()
email = json_data['email']
password = json_data['password']
return jsonify(token=generate_token(email, password))
with app.test_client() as c:
rv = c.post('/api/auth', json={
'username': 'flask', 'password': 'secret'
})
json_data = rv.get_json()
assert verify_token(email, json_data['token'])
Passing the ``json`` argument in the test client methods sets the request data
to the JSON-serialized object and sets the content type to
``application/json``. You can get the JSON data from the request or response
with ``get_json``.
.. _testing-cli:
Testing CLI Commands
--------------------
Click comes with `utilities for testing`_ your CLI commands.
Use :meth:`CliRunner.invoke <click.testing.CliRunner.invoke>` to call
commands in the same way they would be called from the command line. The
:class:`~click.testing.CliRunner` runs the command in isolation and
captures the output in a :class:`~click.testing.Result` object. ::
import click
from click.testing import CliRunner
@app.cli.command('hello')
@click.option('--name', default='World')
def hello_command(name)
click.echo(f'Hello, {name}!')
def test_hello():
runner = CliRunner()
result = runner.invoke(hello_command, ['--name', 'Flask'])
assert 'Hello, Flask' in result.output
If you want to test how your command parses parameters, without running
the command, use the command's :meth:`~click.BaseCommand.make_context`
method. This is useful for testing complex validation rules and custom
types. ::
def upper(ctx, param, value):
if value is not None:
return value.upper()
@app.cli.command('hello')
@click.option('--name', default='World', callback=upper)
def hello_command(name)
click.echo(f'Hello, {name}!')
def test_hello_params():
context = hello_command.make_context('hello', ['--name', 'flask'])
assert context.params['name'] == 'FLASK'
.. _click: http://click.pocoo.org/
.. _utilities for testing: http://click.pocoo.org/testing

3
docs/tutorial/dbcon.rst

@ -3,6 +3,9 @@
Step 4: Database Connections Step 4: Database Connections
---------------------------- ----------------------------
Let's continue building our code in the ``flaskr.py`` file.
(Scroll to the end of the page for more about project layout.)
You currently have a function for establishing a database connection with You currently have a function for establishing a database connection with
`connect_db`, but by itself, it is not particularly useful. Creating and `connect_db`, but by itself, it is not particularly useful. Creating and
closing database connections all the time is very inefficient, so you will closing database connections all the time is very inefficient, so you will

31
docs/tutorial/dbinit.rst

@ -9,31 +9,37 @@ systems need a schema that tells them how to store that information.
Before starting the server for the first time, it's important to create Before starting the server for the first time, it's important to create
that schema. that schema.
Such a schema can be created by piping the ``schema.sql`` file into the Such a schema could be created by piping the ``schema.sql`` file into the
`sqlite3` command as follows:: ``sqlite3`` command as follows::
sqlite3 /tmp/flaskr.db < schema.sql sqlite3 /tmp/flaskr.db < schema.sql
The downside of this is that it requires the ``sqlite3`` command to be However, the downside of this is that it requires the ``sqlite3`` command
installed, which is not necessarily the case on every system. This also to be installed, which is not necessarily the case on every system. This
requires that you provide the path to the database, which can introduce also requires that you provide the path to the database, which can introduce
errors. It's a good idea to add a function that initializes the database errors.
for you, to the application.
To do this, you can create a function and hook it into a :command:`flask` Instead of the ``sqlite3`` command above, it's a good idea to add a function
command that initializes the database. For now just take a look at the to our application that initializes the database for you. To do this, you
code segment below. A good place to add this function, and command, is can create a function and hook it into a :command:`flask` command that
just below the `connect_db` function in :file:`flaskr.py`:: initializes the database.
Take a look at the code segment below. A good place to add this function,
and command, is just below the ``connect_db`` function in :file:`flaskr.py`::
def init_db(): def init_db():
db = get_db() db = get_db()
with app.open_resource('schema.sql', mode='r') as f: with app.open_resource('schema.sql', mode='r') as f:
db.cursor().executescript(f.read()) db.cursor().executescript(f.read())
db.commit() db.commit()
@app.cli.command('initdb') @app.cli.command('initdb')
def initdb_command(): def initdb_command():
"""Initializes the database.""" """Initializes the database."""
init_db() init_db()
print('Initialized the database.') print('Initialized the database.')
@ -59,7 +65,8 @@ On that cursor, there is a method to execute a complete script. Finally, you
only have to commit the changes. SQLite3 and other transactional only have to commit the changes. SQLite3 and other transactional
databases will not commit unless you explicitly tell it to. databases will not commit unless you explicitly tell it to.
Now, it is possible to create a database with the :command:`flask` script:: Now, in a terminal, from the application root directory :file:`flaskr/` it is
possible to create a database with the :command:`flask` script::
flask initdb flask initdb
Initialized the database. Initialized the database.

14
docs/tutorial/folders.rst

@ -3,8 +3,11 @@
Step 0: Creating The Folders Step 0: Creating The Folders
============================ ============================
Before getting started, you will need to create the folders needed for this It is recommended to install your Flask application within a virtualenv. Please
application:: read the :ref:`installation` section to set up your environment.
Now that you have installed Flask, you will need to create the folders required
for this tutorial. Your directory structure will look like this::
/flaskr /flaskr
/flaskr /flaskr
@ -13,9 +16,10 @@ application::
The application will be installed and run as Python package. This is the The application will be installed and run as Python package. This is the
recommended way to install and run Flask applications. You will see exactly recommended way to install and run Flask applications. You will see exactly
how to run ``flaskr`` later on in this tutorial. For now go ahead and create how to run ``flaskr`` later on in this tutorial.
the applications directory structure. In the next few steps you will be
creating the database schema as well as the main module. For now go ahead and create the applications directory structure. In the next
few steps you will be creating the database schema as well as the main module.
As a quick side note, the files inside of the :file:`static` folder are As a quick side note, the files inside of the :file:`static` folder are
available to users of the application via HTTP. This is the place where CSS and available to users of the application via HTTP. This is the place where CSS and

18
docs/tutorial/index.rst

@ -3,19 +3,19 @@
Tutorial Tutorial
======== ========
You want to develop an application with Python and Flask? Here you have Learn by example to develop an application with Python and Flask.
the chance to learn by example. In this tutorial, we will create a simple
microblogging application. It only supports one user that can create In this tutorial, we will create a simple blogging application. It only
text-only entries and there are no feeds or comments, but it still supports one user, only allows text entries, and has no feeds or comments.
features everything you need to get started. We will use Flask and SQLite
as a database (which comes out of the box with Python) so there is nothing While very simple, this example still features everything you need to get
else you need. started. In addition to Flask, we will use SQLite for the database, which is
built-in to Python, so there is nothing else you need.
If you want the full source code in advance or for comparison, check out If you want the full source code in advance or for comparison, check out
the `example source`_. the `example source`_.
.. _example source: .. _example source: https://github.com/pallets/flask/tree/master/examples/flaskr/
https://github.com/pallets/flask/tree/master/examples/flaskr/
.. toctree:: .. toctree::
:maxdepth: 2 :maxdepth: 2

9
docs/tutorial/introduction.rst

@ -22,7 +22,12 @@ connections in a more intelligent way, allowing you to target different
relational databases at once and more. You might also want to consider relational databases at once and more. You might also want to consider
one of the popular NoSQL databases if your data is more suited for those. one of the popular NoSQL databases if your data is more suited for those.
Here a screenshot of the final application: .. warning::
If you're following the tutorial from a specific version of the docs, be
sure to check out the same tag in the repository, otherwise the tutorial
may be different than the example.
Here is a screenshot of the final application:
.. image:: ../_static/flaskr.png .. image:: ../_static/flaskr.png
:align: center :align: center
@ -31,4 +36,4 @@ Here a screenshot of the final application:
Continue with :ref:`tutorial-folders`. Continue with :ref:`tutorial-folders`.
.. _SQLAlchemy: http://www.sqlalchemy.org/ .. _SQLAlchemy: https://www.sqlalchemy.org/

38
docs/tutorial/packaging.rst

@ -25,9 +25,7 @@ changes, your code structure should be::
setup.py setup.py
MANIFEST.in MANIFEST.in
The content of the ``setup.py`` file for ``flaskr`` is: Create the ``setup.py`` file for ``flaskr`` with the following content::
.. sourcecode:: python
from setuptools import setup from setuptools import setup
@ -43,53 +41,55 @@ The content of the ``setup.py`` file for ``flaskr`` is:
When using setuptools, it is also necessary to specify any special files When using setuptools, it is also necessary to specify any special files
that should be included in your package (in the :file:`MANIFEST.in`). that should be included in your package (in the :file:`MANIFEST.in`).
In this case, the static and templates directories need to be included, In this case, the static and templates directories need to be included,
as well as the schema. Create the :file:`MANIFEST.in` and add the as well as the schema.
following lines::
Create the :file:`MANIFEST.in` and add the following lines::
graft flaskr/templates graft flaskr/templates
graft flaskr/static graft flaskr/static
include flaskr/schema.sql include flaskr/schema.sql
To simplify locating the application, add the following import statement Next, to simplify locating the application, create the file,
into this file, :file:`flaskr/__init__.py`: :file:`flaskr/__init__.py` containing only the following import statement::
.. sourcecode:: python from .flaskr import app
from flaskr import app
This import statement brings the application instance into the top-level This import statement brings the application instance into the top-level
of the application package. When it is time to run the application, the of the application package. When it is time to run the application, the
Flask development server needs the location of the app instance. This Flask development server needs the location of the app instance. This
import statement simplifies the location process. Without it the export import statement simplifies the location process. Without the above
statement a few steps below would need to be import statement, the export statement a few steps below would need to be
``export FLASK_APP=flaskr.flaskr``. ``export FLASK_APP=flaskr.flaskr``.
At this point you should be able to install the application. As usual, it At this point you should be able to install the application. As usual, it
is recommended to install your Flask application within a `virtualenv`_. is recommended to install your Flask application within a `virtualenv`_.
With that said, go ahead and install the application with:: With that said, from the ``flaskr/`` directory, go ahead and install the
application with::
pip install --editable . pip install --editable .
The above installation command assumes that it is run within the projects The above installation command assumes that it is run within the projects
root directory, `flaskr/`. The `editable` flag allows editing root directory, ``flaskr/``. The ``editable`` flag allows editing
source code without having to reinstall the Flask app each time you make source code without having to reinstall the Flask app each time you make
changes. The flaskr app is now installed in your virtualenv (see output changes. The flaskr app is now installed in your virtualenv (see output
of ``pip freeze``). of ``pip freeze``).
With that out of the way, you should be able to start up the application. With that out of the way, you should be able to start up the application.
Do this with the following commands:: Do this on Mac or Linux with the following commands in ``flaskr/``::
export FLASK_APP=flaskr export FLASK_APP=flaskr
export FLASK_DEBUG=true export FLASK_ENV=development
flask run flask run
(In case you are on Windows you need to use `set` instead of `export`). (In case you are on Windows you need to use ``set`` instead of ``export``).
The :envvar:`FLASK_DEBUG` flag enables or disables the interactive debugger. Exporting ``FLASK_ENV=development`` turns on all development features
such as enabling the interactive debugger.
*Never leave debug mode activated in a production system*, because it will *Never leave debug mode activated in a production system*, because it will
allow users to execute code on the server! allow users to execute code on the server!
You will see a message telling you that server has started along with You will see a message telling you that server has started along with
the address at which you can access it. the address at which you can access it in a browser.
When you head over to the server in your browser, you will get a 404 error When you head over to the server in your browser, you will get a 404 error
because we don't have any views yet. That will be addressed a little later, because we don't have any views yet. That will be addressed a little later,

74
docs/tutorial/setup.rst

@ -3,42 +3,46 @@
Step 2: Application Setup Code Step 2: Application Setup Code
============================== ==============================
Now that the schema is in place, you can create the application module, Next, we will create the application module, :file:`flaskr.py`. Just like the
:file:`flaskr.py`. This file should be placed inside of the :file:`schema.sql` file you created in the previous step, this file should be
:file:`flaskr/flaskr` folder. The first several lines of code in the placed inside of the :file:`flaskr/flaskr` folder.
application module are the needed import statements. After that there will be a
few lines of configuration code. For small applications like ``flaskr``, it is For this tutorial, all the Python code we use will be put into this file
possible to drop the configuration directly into the module. However, a cleaner (except for one line in ``__init__.py``, and any testing or optional files you
solution is to create a separate ``.ini`` or ``.py`` file, load that, and decide to create).
import the values from there.
The first several lines of code in the application module are the needed import
statements. After that there will be a few lines of configuration code.
For small applications like ``flaskr``, it is possible to drop the configuration
directly into the module. However, a cleaner solution is to create a separate
``.py`` file, load that, and import the values from there.
Here are the import statements (in :file:`flaskr.py`):: Here are the import statements (in :file:`flaskr.py`)::
# all the imports
import os import os
import sqlite3 import sqlite3
from flask import Flask, request, session, g, redirect, url_for, abort, \
render_template, flash
The next couple lines will create the actual application instance and from flask import (Flask, request, session, g, redirect, url_for, abort,
initialize it with the config from the same file in :file:`flaskr.py`: render_template, flash)
.. sourcecode:: python The next couple lines will create the actual application instance and
initialize it with the config from the same file in :file:`flaskr.py`::
app = Flask(__name__) # create the application instance :) app = Flask(__name__) # create the application instance :)
app.config.from_object(__name__) # load config from this file , flaskr.py app.config.from_object(__name__) # load config from this file , flaskr.py
# Load default config and override config from an environment variable # Load default config and override config from an environment variable
app.config.update(dict( app.config.update(
DATABASE=os.path.join(app.root_path, 'flaskr.db'), DATABASE=os.path.join(app.root_path, 'flaskr.db'),
SECRET_KEY='development key', SECRET_KEY=b'_5#y2L"F4Q8z\n\xec]/',
USERNAME='admin', USERNAME='admin',
PASSWORD='default' PASSWORD='default'
)) )
app.config.from_envvar('FLASKR_SETTINGS', silent=True) app.config.from_envvar('FLASKR_SETTINGS', silent=True)
The :class:`~flask.Config` object works similarly to a dictionary, so it can be In the above code, the :class:`~flask.Config` object works similarly to a
updated with new values. dictionary, so it can be updated with new values.
.. admonition:: Database Path .. admonition:: Database Path
@ -58,40 +62,40 @@ updated with new values.
Usually, it is a good idea to load a separate, environment-specific Usually, it is a good idea to load a separate, environment-specific
configuration file. Flask allows you to import multiple configurations and it configuration file. Flask allows you to import multiple configurations and it
will use the setting defined in the last import. This enables robust will use the setting defined in the last import. This enables robust
configuration setups. :meth:`~flask.Config.from_envvar` can help achieve this. configuration setups. :meth:`~flask.Config.from_envvar` can help achieve
this. ::
.. sourcecode:: python
app.config.from_envvar('FLASKR_SETTINGS', silent=True) app.config.from_envvar('FLASKR_SETTINGS', silent=True)
Simply define the environment variable :envvar:`FLASKR_SETTINGS` that points to If you want to do this (not required for this tutorial) simply define the
a config file to be loaded. The silent switch just tells Flask to not complain environment variable :envvar:`FLASKR_SETTINGS` that points to a config file
if no such environment key is set. to be loaded. The silent switch just tells Flask to not complain if no such
environment key is set.
In addition to that, you can use the :meth:`~flask.Config.from_object` In addition to that, you can use the :meth:`~flask.Config.from_object`
method on the config object and provide it with an import name of a method on the config object and provide it with an import name of a
module. Flask will then initialize the variable from that module. Note module. Flask will then initialize the variable from that module. Note
that in all cases, only variable names that are uppercase are considered. that in all cases, only variable names that are uppercase are considered.
The ``SECRET_KEY`` is needed to keep the client-side sessions secure. The :data:`SECRET_KEY` is needed to keep the client-side sessions secure.
Choose that key wisely and as hard to guess and complex as possible. Choose that key wisely and as hard to guess and complex as possible.
Lastly, you will add a method that allows for easy connections to the Lastly, add a method that allows for easy connections to the specified
specified database. This can be used to open a connection on request and database. ::
also from the interactive Python shell or a script. This will come in
handy later. You can create a simple database connection through SQLite and
then tell it to use the :class:`sqlite3.Row` object to represent rows.
This allows the rows to be treated as if they were dictionaries instead of
tuples.
.. sourcecode:: python
def connect_db(): def connect_db():
"""Connects to the specific database.""" """Connects to the specific database."""
rv = sqlite3.connect(app.config['DATABASE']) rv = sqlite3.connect(app.config['DATABASE'])
rv.row_factory = sqlite3.Row rv.row_factory = sqlite3.Row
return rv return rv
This can be used to open a connection on request and also from the
interactive Python shell or a script. This will come in handy later.
You can create a simple database connection through SQLite and then tell
it to use the :class:`sqlite3.Row` object to represent rows. This allows
the rows to be treated as if they were dictionaries instead of tuples.
In the next section you will see how to run the application. In the next section you will see how to run the application.
Continue with :ref:`tutorial-packaging`. Continue with :ref:`tutorial-packaging`.

9
docs/tutorial/templates.rst

@ -15,7 +15,8 @@ escaped with their XML equivalents.
We are also using template inheritance which makes it possible to reuse We are also using template inheritance which makes it possible to reuse
the layout of the website in all pages. the layout of the website in all pages.
Put the following templates into the :file:`templates` folder: Create the follwing three HTML files and place them in the
:file:`templates` folder:
.. _Jinja2: http://jinja.pocoo.org/docs/templates .. _Jinja2: http://jinja.pocoo.org/docs/templates
@ -59,7 +60,7 @@ show_entries.html
This template extends the :file:`layout.html` template from above to display the This template extends the :file:`layout.html` template from above to display the
messages. Note that the ``for`` loop iterates over the messages we passed messages. Note that the ``for`` loop iterates over the messages we passed
in with the :func:`~flask.render_template` function. Notice that the form is in with the :func:`~flask.render_template` function. Notice that the form is
configured to to submit to the `add_entry` view function and use ``POST`` as configured to submit to the `add_entry` view function and use ``POST`` as
HTTP method: HTTP method:
.. sourcecode:: html+jinja .. sourcecode:: html+jinja
@ -79,9 +80,9 @@ HTTP method:
{% endif %} {% endif %}
<ul class=entries> <ul class=entries>
{% for entry in entries %} {% for entry in entries %}
<li><h2>{{ entry.title }}</h2>{{ entry.text|safe }} <li><h2>{{ entry.title }}</h2>{{ entry.text|safe }}</li>
{% else %} {% else %}
<li><em>Unbelievable. No entries here so far</em> <li><em>Unbelievable. No entries here so far</em></li>
{% endfor %} {% endfor %}
</ul> </ul>
{% endblock %} {% endblock %}

2
docs/tutorial/testing.rst

@ -46,7 +46,7 @@ At this point you can run the tests. Here ``pytest`` will be used.
Run and watch the tests pass, within the top-level :file:`flaskr/` Run and watch the tests pass, within the top-level :file:`flaskr/`
directory as:: directory as::
py.test pytest
Testing + setuptools Testing + setuptools
-------------------- --------------------

3
docs/tutorial/views.rst

@ -4,7 +4,8 @@ Step 6: The View Functions
========================== ==========================
Now that the database connections are working, you can start writing the Now that the database connections are working, you can start writing the
view functions. You will need four of them: view functions. You will need four of them; Show Entries, Add New Entry,
Login and Logout. Add the following code snipets to :file:`flaskr.py`.
Show Entries Show Entries
------------ ------------

6
docs/upgrading.rst

@ -49,7 +49,7 @@ Any of the following is functionally equivalent::
response = send_file(open(fname), attachment_filename=fname) response = send_file(open(fname), attachment_filename=fname)
response.set_etag(...) response.set_etag(...)
The reason for this is that some file-like objects have a invalid or even The reason for this is that some file-like objects have an invalid or even
misleading ``name`` attribute. Silently swallowing errors in such cases was not misleading ``name`` attribute. Silently swallowing errors in such cases was not
a satisfying solution. a satisfying solution.
@ -143,7 +143,7 @@ when there is no request context yet but an application context. The old
``flask.Flask.request_globals_class`` attribute was renamed to ``flask.Flask.request_globals_class`` attribute was renamed to
:attr:`flask.Flask.app_ctx_globals_class`. :attr:`flask.Flask.app_ctx_globals_class`.
.. _Flask-OldSessions: http://pythonhosted.org/Flask-OldSessions/ .. _Flask-OldSessions: https://pythonhosted.org/Flask-OldSessions/
Version 0.9 Version 0.9
----------- -----------
@ -198,7 +198,7 @@ applications with Flask. Because we want to make upgrading as easy as
possible we tried to counter the problems arising from these changes by possible we tried to counter the problems arising from these changes by
providing a script that can ease the transition. providing a script that can ease the transition.
The script scans your whole application and generates an unified diff with The script scans your whole application and generates a unified diff with
changes it assumes are safe to apply. However as this is an automated changes it assumes are safe to apply. However as this is an automated
tool it won't be able to find all use cases and it might miss some. We tool it won't be able to find all use cases and it might miss some. We
internally spread a lot of deprecation warnings all over the place to make internally spread a lot of deprecation warnings all over the place to make

12
examples/flaskr/README

@ -9,17 +9,19 @@
~ How do I use it? ~ How do I use it?
1. edit the configuration in the flaskr.py file or 1. edit the configuration in the factory.py file or
export an FLASKR_SETTINGS environment variable export a FLASKR_SETTINGS environment variable
pointing to a configuration file. pointing to a configuration file or pass in a
dictionary with config values using the create_app
function.
2. install the app from the root of the project directory 2. install the app from the root of the project directory
pip install --editable . pip install --editable .
3. Instruct flask to use the right application 3. instruct flask to use the right application
export FLASK_APP=flaskr export FLASK_APP="flaskr.factory:create_app()"
4. initialize the database with this command: 4. initialize the database with this command:

1
examples/flaskr/flaskr/__init__.py

@ -1 +0,0 @@
from flaskr.flaskr import app

0
examples/flaskr/flaskr/blueprints/__init__.py

55
examples/flaskr/flaskr/flaskr.py → examples/flaskr/flaskr/blueprints/flaskr.py

@ -10,29 +10,18 @@
:license: BSD, see LICENSE for more details. :license: BSD, see LICENSE for more details.
""" """
import os
from sqlite3 import dbapi2 as sqlite3 from sqlite3 import dbapi2 as sqlite3
from flask import Flask, request, session, g, redirect, url_for, abort, \ from flask import Blueprint, request, session, g, redirect, url_for, abort, \
render_template, flash render_template, flash, current_app
# create our little application :) # create our blueprint :)
app = Flask(__name__) bp = Blueprint('flaskr', __name__)
# Load default config and override config from an environment variable
app.config.update(dict(
DATABASE=os.path.join(app.root_path, 'flaskr.db'),
DEBUG=True,
SECRET_KEY='development key',
USERNAME='admin',
PASSWORD='default'
))
app.config.from_envvar('FLASKR_SETTINGS', silent=True)
def connect_db(): def connect_db():
"""Connects to the specific database.""" """Connects to the specific database."""
rv = sqlite3.connect(app.config['DATABASE']) rv = sqlite3.connect(current_app.config['DATABASE'])
rv.row_factory = sqlite3.Row rv.row_factory = sqlite3.Row
return rv return rv
@ -40,18 +29,11 @@ def connect_db():
def init_db(): def init_db():
"""Initializes the database.""" """Initializes the database."""
db = get_db() db = get_db()
with app.open_resource('schema.sql', mode='r') as f: with current_app.open_resource('schema.sql', mode='r') as f:
db.cursor().executescript(f.read()) db.cursor().executescript(f.read())
db.commit() db.commit()
@app.cli.command('initdb')
def initdb_command():
"""Creates the database tables."""
init_db()
print('Initialized the database.')
def get_db(): def get_db():
"""Opens a new database connection if there is none yet for the """Opens a new database connection if there is none yet for the
current application context. current application context.
@ -61,14 +43,7 @@ def get_db():
return g.sqlite_db return g.sqlite_db
@app.teardown_appcontext @bp.route('/')
def close_db(error):
"""Closes the database again at the end of the request."""
if hasattr(g, 'sqlite_db'):
g.sqlite_db.close()
@app.route('/')
def show_entries(): def show_entries():
db = get_db() db = get_db()
cur = db.execute('select title, text from entries order by id desc') cur = db.execute('select title, text from entries order by id desc')
@ -76,7 +51,7 @@ def show_entries():
return render_template('show_entries.html', entries=entries) return render_template('show_entries.html', entries=entries)
@app.route('/add', methods=['POST']) @bp.route('/add', methods=['POST'])
def add_entry(): def add_entry():
if not session.get('logged_in'): if not session.get('logged_in'):
abort(401) abort(401)
@ -85,26 +60,26 @@ def add_entry():
[request.form['title'], request.form['text']]) [request.form['title'], request.form['text']])
db.commit() db.commit()
flash('New entry was successfully posted') flash('New entry was successfully posted')
return redirect(url_for('show_entries')) return redirect(url_for('flaskr.show_entries'))
@app.route('/login', methods=['GET', 'POST']) @bp.route('/login', methods=['GET', 'POST'])
def login(): def login():
error = None error = None
if request.method == 'POST': if request.method == 'POST':
if request.form['username'] != app.config['USERNAME']: if request.form['username'] != current_app.config['USERNAME']:
error = 'Invalid username' error = 'Invalid username'
elif request.form['password'] != app.config['PASSWORD']: elif request.form['password'] != current_app.config['PASSWORD']:
error = 'Invalid password' error = 'Invalid password'
else: else:
session['logged_in'] = True session['logged_in'] = True
flash('You were logged in') flash('You were logged in')
return redirect(url_for('show_entries')) return redirect(url_for('flaskr.show_entries'))
return render_template('login.html', error=error) return render_template('login.html', error=error)
@app.route('/logout') @bp.route('/logout')
def logout(): def logout():
session.pop('logged_in', None) session.pop('logged_in', None)
flash('You were logged out') flash('You were logged out')
return redirect(url_for('show_entries')) return redirect(url_for('flaskr.show_entries'))

64
examples/flaskr/flaskr/factory.py

@ -0,0 +1,64 @@
# -*- coding: utf-8 -*-
"""
Flaskr
~~~~~~
A microblog example application written as Flask tutorial with
Flask and sqlite3.
:copyright: (c) 2015 by Armin Ronacher.
:license: BSD, see LICENSE for more details.
"""
import os
from flask import Flask, g
from werkzeug.utils import find_modules, import_string
from flaskr.blueprints.flaskr import init_db
def create_app(config=None):
app = Flask('flaskr')
app.config.update(dict(
DATABASE=os.path.join(app.root_path, 'flaskr.db'),
DEBUG=True,
SECRET_KEY=b'_5#y2L"F4Q8z\n\xec]/',
USERNAME='admin',
PASSWORD='default'
))
app.config.update(config or {})
app.config.from_envvar('FLASKR_SETTINGS', silent=True)
register_blueprints(app)
register_cli(app)
register_teardowns(app)
return app
def register_blueprints(app):
"""Register all blueprint modules
Reference: Armin Ronacher, "Flask for Fun and for Profit" PyBay 2016.
"""
for name in find_modules('flaskr.blueprints'):
mod = import_string(name)
if hasattr(mod, 'bp'):
app.register_blueprint(mod.bp)
return None
def register_cli(app):
@app.cli.command('initdb')
def initdb_command():
"""Creates the database tables."""
init_db()
print('Initialized the database.')
def register_teardowns(app):
@app.teardown_appcontext
def close_db(error):
"""Closes the database again at the end of the request."""
if hasattr(g, 'sqlite_db'):
g.sqlite_db.close()

4
examples/flaskr/flaskr/templates/layout.html

@ -5,9 +5,9 @@
<h1>Flaskr</h1> <h1>Flaskr</h1>
<div class="metanav"> <div class="metanav">
{% if not session.logged_in %} {% if not session.logged_in %}
<a href="{{ url_for('login') }}">log in</a> <a href="{{ url_for('flaskr.login') }}">log in</a>
{% else %} {% else %}
<a href="{{ url_for('logout') }}">log out</a> <a href="{{ url_for('flaskr.logout') }}">log out</a>
{% endif %} {% endif %}
</div> </div>
{% for message in get_flashed_messages() %} {% for message in get_flashed_messages() %}

2
examples/flaskr/flaskr/templates/login.html

@ -2,7 +2,7 @@
{% block body %} {% block body %}
<h2>Login</h2> <h2>Login</h2>
{% if error %}<p class="error"><strong>Error:</strong> {{ error }}{% endif %} {% if error %}<p class="error"><strong>Error:</strong> {{ error }}{% endif %}
<form action="{{ url_for('login') }}" method="post"> <form action="{{ url_for('flaskr.login') }}" method="post">
<dl> <dl>
<dt>Username: <dt>Username:
<dd><input type="text" name="username"> <dd><input type="text" name="username">

2
examples/flaskr/flaskr/templates/show_entries.html

@ -1,7 +1,7 @@
{% extends "layout.html" %} {% extends "layout.html" %}
{% block body %} {% block body %}
{% if session.logged_in %} {% if session.logged_in %}
<form action="{{ url_for('add_entry') }}" method="post" class="add-entry"> <form action="{{ url_for('flaskr.add_entry') }}" method="post" class="add-entry">
<dl> <dl>
<dt>Title: <dt>Title:
<dd><input type="text" size="30" name="title"> <dd><input type="text" size="30" name="title">

15
examples/flaskr/setup.py

@ -1,8 +1,19 @@
from setuptools import setup # -*- coding: utf-8 -*-
"""
Flaskr Tests
~~~~~~~~~~~~
Tests the Flaskr application.
:copyright: (c) 2015 by Armin Ronacher.
:license: BSD, see LICENSE for more details.
"""
from setuptools import setup, find_packages
setup( setup(
name='flaskr', name='flaskr',
packages=['flaskr'], packages=find_packages(),
include_package_data=True, include_package_data=True,
install_requires=[ install_requires=[
'flask', 'flask',

51
examples/flaskr/tests/test_flaskr.py

@ -12,23 +12,30 @@
import os import os
import tempfile import tempfile
import pytest import pytest
from flaskr import flaskr from flaskr.factory import create_app
from flaskr.blueprints.flaskr import init_db
@pytest.fixture @pytest.fixture
def client(request): def app():
db_fd, flaskr.app.config['DATABASE'] = tempfile.mkstemp() db_fd, db_path = tempfile.mkstemp()
flaskr.app.config['TESTING'] = True config = {
client = flaskr.app.test_client() 'DATABASE': db_path,
with flaskr.app.app_context(): 'TESTING': True,
flaskr.init_db() }
app = create_app(config=config)
def teardown(): with app.app_context():
os.close(db_fd) init_db()
os.unlink(flaskr.app.config['DATABASE']) yield app
request.addfinalizer(teardown)
return client os.close(db_fd)
os.unlink(db_path)
@pytest.fixture
def client(app):
return app.test_client()
def login(client, username, password): def login(client, username, password):
@ -48,25 +55,25 @@ def test_empty_db(client):
assert b'No entries here so far' in rv.data assert b'No entries here so far' in rv.data
def test_login_logout(client): def test_login_logout(client, app):
"""Make sure login and logout works""" """Make sure login and logout works"""
rv = login(client, flaskr.app.config['USERNAME'], rv = login(client, app.config['USERNAME'],
flaskr.app.config['PASSWORD']) app.config['PASSWORD'])
assert b'You were logged in' in rv.data assert b'You were logged in' in rv.data
rv = logout(client) rv = logout(client)
assert b'You were logged out' in rv.data assert b'You were logged out' in rv.data
rv = login(client, flaskr.app.config['USERNAME'] + 'x', rv = login(client,app.config['USERNAME'] + 'x',
flaskr.app.config['PASSWORD']) app.config['PASSWORD'])
assert b'Invalid username' in rv.data assert b'Invalid username' in rv.data
rv = login(client, flaskr.app.config['USERNAME'], rv = login(client, app.config['USERNAME'],
flaskr.app.config['PASSWORD'] + 'x') app.config['PASSWORD'] + 'x')
assert b'Invalid password' in rv.data assert b'Invalid password' in rv.data
def test_messages(client): def test_messages(client, app):
"""Test that messages work""" """Test that messages work"""
login(client, flaskr.app.config['USERNAME'], login(client, app.config['USERNAME'],
flaskr.app.config['PASSWORD']) app.config['PASSWORD'])
rv = client.post('/add', data=dict( rv = client.post('/add', data=dict(
title='<Hello>', title='<Hello>',
text='<strong>HTML</strong> allowed here' text='<strong>HTML</strong> allowed here'

10
examples/minitwit/README

@ -14,15 +14,19 @@
export an MINITWIT_SETTINGS environment variable export an MINITWIT_SETTINGS environment variable
pointing to a configuration file. pointing to a configuration file.
2. tell flask about the right application: 2. install the app from the root of the project directory
pip install --editable .
3. tell flask about the right application:
export FLASK_APP=minitwit export FLASK_APP=minitwit
2. fire up a shell and run this: 4. fire up a shell and run this:
flask initdb flask initdb
3. now you can run minitwit: 5. now you can run minitwit:
flask run flask run

2
examples/minitwit/minitwit/__init__.py

@ -1 +1 @@
from minitwit import app from .minitwit import app

6
examples/minitwit/minitwit/minitwit.py

@ -22,10 +22,10 @@ from werkzeug import check_password_hash, generate_password_hash
DATABASE = '/tmp/minitwit.db' DATABASE = '/tmp/minitwit.db'
PER_PAGE = 30 PER_PAGE = 30
DEBUG = True DEBUG = True
SECRET_KEY = 'development key' SECRET_KEY = b'_5#y2L"F4Q8z\n\xec]/'
# create our little application :) # create our little application :)
app = Flask(__name__) app = Flask('minitwit')
app.config.from_object(__name__) app.config.from_object(__name__)
app.config.from_envvar('MINITWIT_SETTINGS', silent=True) app.config.from_envvar('MINITWIT_SETTINGS', silent=True)
@ -85,7 +85,7 @@ def format_datetime(timestamp):
def gravatar_url(email, size=80): def gravatar_url(email, size=80):
"""Return the gravatar image for the given email address.""" """Return the gravatar image for the given email address."""
return 'http://www.gravatar.com/avatar/%s?d=identicon&s=%d' % \ return 'https://www.gravatar.com/avatar/%s?d=identicon&s=%d' % \
(md5(email.strip().lower().encode('utf-8')).hexdigest(), size) (md5(email.strip().lower().encode('utf-8')).hexdigest(), size)

12
examples/minitwit/tests/test_minitwit.py

@ -15,18 +15,16 @@ from minitwit import minitwit
@pytest.fixture @pytest.fixture
def client(request): def client():
db_fd, minitwit.app.config['DATABASE'] = tempfile.mkstemp() db_fd, minitwit.app.config['DATABASE'] = tempfile.mkstemp()
client = minitwit.app.test_client() client = minitwit.app.test_client()
with minitwit.app.app_context(): with minitwit.app.app_context():
minitwit.init_db() minitwit.init_db()
def teardown(): yield client
"""Get rid of the database again after each test."""
os.close(db_fd) os.close(db_fd)
os.unlink(minitwit.app.config['DATABASE']) os.unlink(minitwit.app.config['DATABASE'])
request.addfinalizer(teardown)
return client
def register(client, username, password, password2=None, email=None): def register(client, username, password, password2=None, email=None):

10
examples/patterns/largerapp/setup.py

@ -0,0 +1,10 @@
from setuptools import setup
setup(
name='yourapplication',
packages=['yourapplication'],
include_package_data=True,
install_requires=[
'flask',
],
)

12
examples/patterns/largerapp/tests/test_largerapp.py

@ -0,0 +1,12 @@
from yourapplication import app
import pytest
@pytest.fixture
def client():
app.config['TESTING'] = True
client = app.test_client()
return client
def test_index(client):
rv = client.get('/')
assert b"Hello World!" in rv.data

4
examples/patterns/largerapp/yourapplication/__init__.py

@ -0,0 +1,4 @@
from flask import Flask
app = Flask('yourapplication')
import yourapplication.views

0
examples/patterns/largerapp/yourapplication/static/style.css

0
examples/patterns/largerapp/yourapplication/templates/index.html

0
examples/patterns/largerapp/yourapplication/templates/layout.html

0
examples/patterns/largerapp/yourapplication/templates/login.html

5
examples/patterns/largerapp/yourapplication/views.py

@ -0,0 +1,5 @@
from yourapplication import app
@app.route('/')
def index():
return 'Hello World!'

4
flask/__init__.py

@ -10,7 +10,7 @@
:license: BSD, see LICENSE for more details. :license: BSD, see LICENSE for more details.
""" """
__version__ = '0.11.2-dev' __version__ = '0.13-dev'
# utilities we import from Werkzeug and Jinja2 that are unused # utilities we import from Werkzeug and Jinja2 that are unused
# in the module but are exported as public interface. # in the module but are exported as public interface.
@ -40,7 +40,7 @@ from .signals import signals_available, template_rendered, request_started, \
# it. # it.
from . import json from . import json
# This was the only thing that flask used to export at one point and it had # This was the only thing that Flask used to export at one point and it had
# a more generic name. # a more generic name.
jsonify = json.jsonify jsonify = json.jsonify

2
flask/_compat.py

@ -25,6 +25,7 @@ if not PY2:
itervalues = lambda d: iter(d.values()) itervalues = lambda d: iter(d.values())
iteritems = lambda d: iter(d.items()) iteritems = lambda d: iter(d.items())
from inspect import getfullargspec as getargspec
from io import StringIO from io import StringIO
def reraise(tp, value, tb=None): def reraise(tp, value, tb=None):
@ -43,6 +44,7 @@ else:
itervalues = lambda d: d.itervalues() itervalues = lambda d: d.itervalues()
iteritems = lambda d: d.iteritems() iteritems = lambda d: d.iteritems()
from inspect import getargspec
from cStringIO import StringIO from cStringIO import StringIO
exec('def reraise(tp, value, tb=None):\n raise tp, value, tb') exec('def reraise(tp, value, tb=None):\n raise tp, value, tb')

Some files were not shown because too many files have changed in this diff Show More

Loading…
Cancel
Save