
tessl/pypi-flask-wtf

Form rendering, validation, and CSRF protection for Flask with WTForms.


evals/scenario-5/task.md

User Registration Form with CSRF Protection

Build a Flask application with a user registration form that properly integrates CSRF protection at both the application and form levels.

Requirements

Create a Flask web application with the following components:

  1. A user registration form with the following fields:

    • Username (required, string)
    • Email (required, string)
    • Password (required, string)
    • Confirm Password (required, string)
  2. CSRF protection must be enabled globally for the entire application using the appropriate extension.

  3. The registration form must also include form-level CSRF protection.

  4. Create a route /register that:

    • Accepts GET requests to display the registration form
    • Accepts POST requests to process form submissions
    • Returns "Registration successful" when the form validates successfully
    • Returns appropriate error messages when validation fails
  5. Create a route /health that is exempt from CSRF protection and returns "OK" for health checks.

  6. The application should properly handle CSRF token validation without performing redundant checks when both global and form-level protection are active.

Test Cases

  • When a GET request is made to /register, the response contains a CSRF token field @test
  • When a valid POST request with correct CSRF token is made to /register, the response is "Registration successful" @test
  • When a POST request without a CSRF token is made to /register, the response has a 400 status code @test
  • When a GET request is made to /health, the response is "OK" @test
  • When a POST request without a CSRF token is made to /health, the response is "OK" (no CSRF check) @test

@generates

API

# Flask application setup
from flask import Flask

app = Flask(__name__)
app.config['SECRET_KEY'] = 'test-secret-key-12345'

# Registration route
@app.route('/register', methods=['GET', 'POST'])
def register():
    """Handle user registration with CSRF-protected form."""
    pass

# Health check route (CSRF exempt)
@app.route('/health', methods=['GET', 'POST'])
def health():
    """Health check endpoint without CSRF protection."""
    pass

Dependencies { .dependencies }

Flask { .dependency }

Provides the web framework for building the application.

Flask-WTF { .dependency }

Provides form handling and CSRF protection for Flask applications.

WTForms { .dependency }

Provides form field definitions and validation support.

Install with Tessl CLI

npx tessl i tessl/pypi-flask-wtf
