Various utility functions shipped with Werkzeug.
class werkzeug.utils.cached_property(fget, name=None, doc=None) A property() that is only evaluated once. Subsequent access returns the cached value. Setting the property sets the cached value. Deleting the property clears the cached value, accessing it again will evaluate it again.
class Example:
@cached_property
def value(self):
# calculate something important here
return 42
e = Example()
e.value # evaluates
e.value # uses cache
e.value = 16 # sets cache
del e.value # clears cache
If the class defines __slots__, it must add _cache_{name} as a slot. Alternatively, it can add __dict__, but that’s usually not desirable.
Changed in version 2.1: Works with __slots__.
Changed in version 2.0: del obj.name clears the cached value.
class werkzeug.utils.environ_property(name, default=None, load_func=None, dump_func=None, read_only=None, doc=None) Maps request attributes to environment variables. This works not only for the Werkzeug request object, but also any other class with an environ attribute:
>>> class Test(object):
... environ = {'key': 'value'}
... test = environ_property('key')
>>> var = Test()
>>> var.test
'value'
If you pass it a second value it’s used as default if the key does not exist, the third one can be a converter that takes a value and converts it. If it raises ValueError or TypeError the default value is used. If no default value is provided None is used.
Per default the property is read only. You have to explicitly enable it by passing read_only=False to the constructor.
class werkzeug.utils.header_property(name, default=None, load_func=None, dump_func=None, read_only=None, doc=None) Like environ_property but for headers.
werkzeug.utils.redirect(location, code=302, Response=None) Returns a response object (a WSGI application) that, if called, redirects the client to the target location. Supported codes are 301, 302, 303, 305, 307, and 308. 300 is not supported because it’s not a real redirect and 304 because it’s the answer for a request with a request with defined If-Modified-Since headers.
Added in version 0.10: The class used for the Response object can now be passed in.
Added in version 0.6: The location can now be a unicode string that is encoded using the iri_to_uri() function.
werkzeug.wrappers.Response if unspecified.werkzeug.utils.append_slash_redirect(environ, code=308) Redirect to the current URL with a slash appended.
If the current URL is /user/42, the redirect URL will be 42/. When joined to the current URL during response processing or by the browser, this will produce /user/42/.
The behavior is undefined if the path ends with a slash already. If called unconditionally on a URL, it may produce a redirect loop.
Changed in version 2.1: Produce a relative URL that only modifies the last segment. Relevant when the current path has multiple segments.
Changed in version 2.1: The default status code is 308 instead of 301. This preserves the request method and body.
werkzeug.utils.send_file(path_or_file, environ, mimetype=None, as_attachment=False, download_name=None, conditional=True, etag=True, last_modified=None, max_age=None, use_x_sendfile=False, response_class=None, _root_path=None) Send the contents of a file to the client.
The first argument can be a file path or a file-like object. Paths are preferred in most cases because Werkzeug can manage the file and get extra information from the path. Passing a file-like object requires that the file is opened in binary mode, and is mostly useful when building a file in memory with io.BytesIO.
Never pass file paths provided by a user. The path is assumed to be trusted, so a user could craft a path to access a file you didn’t intend. Use send_from_directory() to safely serve user-provided paths.
If the WSGI server sets a file_wrapper in environ, it is used, otherwise Werkzeug’s built-in wrapper is used. Alternatively, if the HTTP server supports X-Sendfile, use_x_sendfile=True will tell the server to send the given path, which is much more efficient than reading it in Python.
environ.Cache-Control will be public, otherwise it will be no-cache to prefer conditional caching.X-Sendfile header to let the server to efficiently send the file. Requires support from the HTTP server. Requires passing a file path.Response.send_from_directory() to safely send files under a path.Changed in version 2.0.2: send_file only sets a detected Content-Encoding if as_attachment is disabled.
Added in version 2.0: Adapted from Flask’s implementation.
Changed in version 2.0: download_name replaces Flask’s attachment_filename parameter. If as_attachment=False, it is passed with Content-Disposition: inline instead.
Changed in version 2.0: max_age replaces Flask’s cache_timeout parameter. conditional is enabled and max_age is not set by default.
Changed in version 2.0: etag replaces Flask’s add_etags parameter. It can be a string to use instead of generating one.
Changed in version 2.0: If an encoding is returned when guessing mimetype from download_name, set the Content-Encoding header.
werkzeug.utils.send_from_directory(directory, path, environ, **kwargs) Send a file from within a directory using send_file().
This is a secure way to serve files from a folder, such as static files or uploads. Uses safe_join() to ensure the path coming from the client is not maliciously crafted to point outside the specified directory.
If the final path does not point to an existing regular file, returns a 404 NotFound error.
path must be located under. This must not be a value provided by the client, otherwise it becomes insecure.directory. This is the part of the path provided by the client, which is checked for security.send_file().Added in version 2.0: Adapted from Flask’s implementation.
werkzeug.utils.import_string(import_name, silent=False) Imports an object based on a string. This is useful if you want to use import paths as endpoints or something similar. An import path can be specified either in dotted notation (xml.sax.saxutils.escape) or with a colon as object delimiter (xml.sax.saxutils:escape).
If silent is True the return value will be None if the import fails.
werkzeug.utils.find_modules(import_path, include_packages=False, recursive=False) Finds all the modules below a package. This can be useful to automatically import all views / controllers so that their metaclasses / function decorators have a chance to register themselves on the application.
Packages are not returned unless include_packages is True. This can also recursively list modules but in that case it will import all the packages to get the correct load path of that module.
werkzeug.utils.secure_filename(filename) Pass it a filename and it will return a secure version of it. This filename can then safely be stored on a regular file system and passed to os.path.join(). The filename returned is an ASCII only string for maximum portability.
On windows systems the function also makes sure that the file is not named after one of the special device files.
>>> secure_filename("My cool movie.mov")
'My_cool_movie.mov'
>>> secure_filename("../../../etc/passwd")
'etc_passwd'
>>> secure_filename('i contain cool \xfcml\xe4uts.txt')
'i_contain_cool_umlauts.txt'
The function might return an empty filename. It’s your responsibility to ensure that the filename is unique and that you abort or generate a random filename if the function returned an empty one.
Added in version 0.5.
Please refer to URL Helpers.
class werkzeug.user_agent.UserAgent(string) Represents a parsed user agent header value.
The default implementation does no parsing, only the string attribute is set. A subclass may parse the string to set the common attributes or expose other information. Set werkzeug.wrappers.Request.user_agent_class to use a subclass.
string (str) – The header value to parse.
Added in version 2.0: This replaces the previous useragents module, but does not provide a built-in parser.
platform: str | None = None The OS name, if it could be parsed from the string.
browser: str | None = None The browser name, if it could be parsed from the string.
version: str | None = None The browser version, if it could be parsed from the string.
language: str | None = None The browser language, if it could be parsed from the string.
string: str The original header value.
to_header() Convert to a header value.
werkzeug.security.generate_password_hash(password, method='scrypt', salt_length=16) Securely hash a password for storage. A password can be compared to a stored hash using check_password_hash().
The following methods are supported:
scrypt, the default. The parameters are n, r, and p, the default is scrypt:32768:8:1. See hashlib.scrypt().pbkdf2, less secure. The parameters are hash_method and iterations, the default is pbkdf2:sha256:600000. See hashlib.pbkdf2_hmac().Default parameters may be updated to reflect current guidelines, and methods may be deprecated and removed if they are no longer considered secure. To migrate old hashes, you may generate a new hash when checking an old hash, or you may contact users with a link to reset their password.
Changed in version 3.1: The default iterations for pbkdf2 was increased to 1,000,000.
Changed in version 2.3: Scrypt support was added.
Changed in version 2.3: The default iterations for pbkdf2 was increased to 600,000.
Changed in version 2.3: All plain hashes are deprecated and will not be supported in Werkzeug 3.0.
werkzeug.security.check_password_hash(pwhash, password) Securely check that the given stored password hash, previously generated using generate_password_hash(), matches the given password.
Methods may be deprecated and removed if they are no longer considered secure. To migrate old hashes, you may generate a new hash when checking an old hash, or you may contact users with a link to reset their password.
Changed in version 2.3: All plain hashes are deprecated and will not be supported in Werkzeug 3.0.
werkzeug.security.safe_join(directory, *pathnames) Safely join zero or more untrusted path components to a base directory to avoid escaping the base directory.
Werkzeug uses standard Python logging. The logger is named "werkzeug".
import logging
logger = logging.getLogger("werkzeug")
If the logger level is not set, it will be set to INFO on first use. If there is no handler for that level, a StreamHandler is added.
© 2007 Pallets
Licensed under the BSD 3-clause License.
https://werkzeug.palletsprojects.com/en/latest/utils/