From b51620eb9502997a2f55a485e55e0e73f6450449 Mon Sep 17 00:00:00 2001
From: Alexander Sulfrian
Date: Tue, 18 Nov 2014 05:47:53 +0100
Subject: forms: use Form from flask.ext.wtf as base for all forms

Form from flask.ext.wtf has automatic csfr handling included. We need to hide this form fields but we get extra security for nothing more.
---
 forms.py | 5 +++--
 templates/_formhelpers.html | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/forms.py b/forms.py
index 1944eaa..844bf16 100644
--- a/forms.py
+++ b/forms.py
@@ -1,10 +1,11 @@
-from wtforms import From, HiddenField, validators
+from wtforms import HiddenField, validators
 from utils import Unique
 from models import Group
 from wtfpeewee.orm import model_form
+from flask.ext.wtf import Form
-CreateGroup = model_form(Group, exclude=['api_id'], field_args={
+CreateGroup = model_form(Group, base_class=Form, exclude=['api_id'], field_args={
 'name': {'validators': [ validators.Required(), validators.Regexp('^[a-zA-Z1-9_-]+$', message=u'Invalid group name '
diff --git a/templates/_formhelpers.html b/templates/_formhelpers.html
index e50f482..f0fe7fe 100644
--- a/templates/_formhelpers.html
+++ b/templates/_formhelpers.html
@@ -1,5 +1,5 @@
 {% macro render_field(field) %}
- {% if field.type == 'HiddenField' %}
+ {% if field.type in ['HiddenField', 'CSRFTokenField'] %}
 {{ field()|safe }}
 {% else %}
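Review bot: Passing `base_class=Form` to `model_form` only adds the `csrf_token` field; the token is checked only when a view runs `form.validate()` (or `validate_on_submit()`) before acting on the data, and Flask-WTF needs a `SECRET_KEY` configured on the app to sign it. Neither is visible in this commit, which touches only forms.py and the template, so both should be confirmed for every state-changing view. A comment above the call would record the intent: `# base_class=Form adds the CSRF token field; views must validate the form before using its data`. Separately, in the unchanged `validators.Regexp` context line, `$` also matches before a trailing newline and the class `1-9` leaves out `0`; if that is not intended, `'^[a-zA-Z0-9_-]+\Z'` is stricter. The `model_form(...)` call continues past the end of the hunk.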
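Review bot: Comparing `field.type` against a list of class names in the changed `{% if %}` line is brittle: any other `HiddenField` subclass, or a Flask-WTF/WTForms version that names its token field differently, falls through to the `{% else %}` branch and is rendered as a visible field. Testing the widget is sturdier, e.g. `{% if field.widget.input_type == 'hidden' %}`, or the token can be emitted once per form with `{{ form.hidden_tag() }}`. It is also worth checking that errors on the hidden token field are displayed somewhere, since a missing or expired token otherwise fails validation with no message to the user. The rest of the `render_field` macro lies outside the hunk, so this may already be handled there.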
-- cgit v1.2.3-1-g7c22