# 4.1 Configuration

> Flask-WTF expects the application to have a secret key configured. A secret key is a string with any random and unique content that is used as an encryption or signing key to improve the security of the application in several ways. Flask uses this key to protect the contents of the user session against tampering.

Store this key in `app.config` as a dictionary value with key 'SECRET_KEY' for now.
<br><br>

# 4.2 Form Classes

> When using Flask-WTF, each web form is represented in the server by a class that inherits from the class FlaskForm. The class defines the list of fields in the form, each represented by an object. Each field object can have one or more validators attached. A validator is a function that checks whether the data submitted by the user is valid.

The list of standard HTML fields supported by WTForms is as shown:
**WTForms standard HTML fields**

|Field type|Description|
|-----|-----|
|`BooleanField`|Checkbox with True and False values|
|`DateField`|Text field that accepts a datetime.date value in a given format|
|`DateTimeField`|Text field that accepts a datetime.datetime value in a given format|
|`DecimalField`|Text field that accepts a decimal.Decimal value|
|`FileField`|File upload field|
|`HiddenField`|Hidden text field|
|`MultipleFileField`|Multiple file upload field|
|`FieldList`|List of fields of a given type|
|`FloatField`|Text field that accepts a floating-point value|
|`FormField`|Form embedded as a field in a container form|
|`IntegerField`|Text field that accepts an integer value|
|`PasswordField`|Password text field|
|`RadioField`|List of radio buttons|
|`SelectField`|Drop-down list of choices|
|`SelectMultipleField`|Drop-down list of choices with multiple selection|
|`SubmitField`|Form submission button|
|`StringField`|Text field|
|`TextAreaField`|Multiple-line text field|

<br>

The list of WTForms built-in validators is as shown:
**WTForms validators**

|Validator|Description|
|-----|-----|
|`DataRequired`|Validates that the field contains data after type conversion|
|`Email`|Validates an email address|
|`EqualTo`|Compares the values of two fields; useful when requesting a password to be entered twice for confirmation|
|`InputRequired`|Validates that the field contains data before type conversion|
|`IPAddress`|Validates an IPv4 network address|
|`Length`|Validates the length of the string entered|
|`MacAddress`|Validates a MAC address|
|`NumberRange`|Validates that the value entered is within a numeric range|
|`Optional`|Allows empty input in the field, skipping additional validators|
|`Regexp`|Validates the input against a regular expression|
|`URL`|Validates a URL|
|`UUID`|Validates a UUID|
|`AnyOf`|Validates that the input is one of a list of possible values|
|`NoneOf`|Validates that the input is none of a list of possible values|

<br><br>

# 4.3 HTML Rendering of Forms

> Form fields are callables that, when invoked from a template, render themselves to HTML. Assuming that the view function passes a NameForm instance to the template as an argument named form, the template can generate a simple HTML

`form.hidden_tag()` element is used by Flask-WTF to implement CSRF protection.

Note: eventhough Flask-WTF has few form styles, it is better to utilize bootstraps' own set of form styles whenever possible.

Note: When the page is intended to take data in, remember to change the route config to have both GET and POST methods.

Note: As you provide input to the entry box and press submit, remember to render the page with the box empty in the next instance. This, in this case, is done by assigning input value to local variable and clearing the global one.

<br><br>

# Redirects and User Sessions

Note: When the user press refresh, the browser resends the previous request. Developer should provide redirects to avoid this error especially after POST requests.

>This is achieved by responding to POST requests with a redirect instead of a normal response.
<br>

> NOTE: By default, user sessions are stored in client-side cookies that are cryptographically signed using the configured secret key. Any tampering with the cookie content would render the signature invalid, thus invalidating the session.

Here, instead of local variable, we'll use flask's session class to store name as a dictionary - value data.

<br><br>

# Message Flashing

Use this module to create flash messages like 'Login successful'.