capitalize CSRFProtect

docs/api.rst

@@ -31,9 +31,11 @@ CSRF Protection
 
 .. module:: flask_wtf.csrf
 
-.. autoclass:: CsrfProtect
+.. autoclass:: CSRFProtect
    :members:
 
+.. autoclass:: CsrfProtect(...)
+
 .. autoclass:: CSRFError
    :members:
 

docs/changelog.rst

@@ -33,13 +33,16 @@ In development
 
 - Provide ``WTF_CSRF_FIELD_NAME`` to configure the name of the CSRF token.
   (`#271`_)
-- ``CsrfError`` is renamed to ``CSRFError``. (`#271`_)
 - ``validate_csrf`` raises ``wtforms.ValidationError`` with specific messages
   instead of returning ``True`` or ``False``. This breaks anything that was
   calling the method directly. (`#239`_, `#271`_)
 
     - CSRF errors are logged as well as raised. (`#239`_)
 
+- ``CsrfProtect`` is renamed to ``CSRFProtect``. A deprecation warning is issued
+  when using the old name. ``CsrfError`` is renamed to ``CSRFError`` without
+  deprecation. (`#271`_)
+
 .. _`#200`: https://github.com/lepture/flask-wtf/issues/200
 .. _`#209`: https://github.com/lepture/flask-wtf/pull/209
 .. _`#216`: https://github.com/lepture/flask-wtf/issues/216

docs/csrf.rst

@@ -5,7 +5,7 @@
 CSRF Protection
 ===============
 
-Any view using :class:`flask_wtf.FlaskForm` to process the request is already
+Any view using :class:`~flask_wtf.FlaskForm` to process the request is already
 getting CSRF protection. If you have views that don't use ``FlaskForm`` or make
 AJAX requests, use the provided CSRF extension to protect those requests as
 well.
@@ -14,15 +14,15 @@ Setup
 -----
 
 To enable CSRF protection globally for a Flask app, register the
-:class:`CsrfProtect` extension. ::
+:class:`CSRFProtect` extension. ::
 
-    from flask_wtf.csrf import CsrfProtect
+    from flask_wtf.csrf import CSRFProtect
 
-    csrf = CsrfProtect(app)
+    csrf = CSRFProtect(app)
 
 Like other Flask extensions, you can apply it lazily::
 
-    csrf = CsrfProtect()
+    csrf = CSRFProtect()
 
     def create_app():
         app = Flask(__name__)
@@ -82,7 +82,7 @@ By default this returns a response with the failure reason and a 400 code.
 You can customize the error response using Flask's
 :meth:`~flask.Flask.errorhandler`. ::
 
-    from flask_wtf.csrf import CsrfError
+    from flask_wtf.csrf import CSRFError
 
     @app.errorhandler(CsrfError)
     def handle_csrf_error(e):
@@ -106,7 +106,7 @@ You can exclude all the views of a blueprint. ::
 
 You can disable CSRF protection in all views by default, by setting
 ``WTF_CSRF_CHECK_DEFAULT`` to ``False``, and selectively call
-``csrf.protect()`` only when you need. This also enables you to do some
+:meth:`~flask_wtf.csrf.CSRFProtect.protect` only when you need. This also enables you to do some
 pre-processing on the requests before checking for the CSRF token. ::
 
     @app.before_request

flask_wtf/__init__.py

@@ -12,7 +12,7 @@
 # flake8: noqa
 from __future__ import absolute_import
 
-from .csrf import CsrfProtect
+from .csrf import CSRFProtect, CsrfProtect
 from .form import FlaskForm, Form
 from .recaptcha import *
 

flask_wtf/csrf.py

@@ -13,7 +13,7 @@
 
 from ._compat import FlaskWTFDeprecationWarning, string_types, urlparse
 
-__all__ = ('generate_csrf', 'validate_csrf', 'CsrfProtect')
+__all__ = ('generate_csrf', 'validate_csrf', 'CSRFProtect')
 logger = logging.getLogger(__name__)
 
 
@@ -147,7 +147,7 @@ def validate_csrf_token(self, form, field):
             raise
 
 
-class CsrfProtect(object):
+class CSRFProtect(object):
     """Enable CSRF protection globally for a Flask app.
 
     ::
@@ -324,6 +324,20 @@ def handler(reason):
         return view
 
 
+class CsrfProtect(CSRFProtect):
+    """
+    .. deprecated:: 0.14
+        Renamed to :class:`~flask_wtf.csrf.CSRFProtect`.
+    """
+
+    def __init__(self, app=None):
+        warnings.warn(FlaskWTFDeprecationWarning(
+            '"flask_wtf.CsrfProtect" has been renamed to "CSRFProtect" '
+            'and will be removed in 1.0.'
+        ), stacklevel=2)
+        super(CsrfProtect, self).__init__(app=app)
+
+
 class CSRFError(BadRequest):
     """Raise if the client sends invalid CSRF data with the request.
 

tests/test_csrf.py

@@ -7,15 +7,15 @@
 from wtforms import ValidationError
 
 from flask_wtf._compat import FlaskWTFDeprecationWarning
-from flask_wtf.csrf import CSRFError, CsrfProtect, generate_csrf, validate_csrf
+from flask_wtf.csrf import CSRFError, CSRFProtect, generate_csrf, validate_csrf
 from .base import MyForm, TestCase
 
 
 class TestCSRF(TestCase):
     def setUp(self):
         app = self.create_app()
         app.config['WTF_CSRF_SECRET_KEY'] = "a poorly kept secret."
-        csrf = CsrfProtect(app)
+        csrf = CSRFProtect(app)
         self.csrf = csrf
 
         @csrf.exempt

tests/test_form.py → tests/test_deprecated.py

@@ -4,11 +4,11 @@
 from wtforms.compat import with_metaclass
 from wtforms.form import FormMeta
 
-from flask_wtf import FlaskForm, Form
+from flask_wtf import CsrfProtect, FlaskForm, Form
 from flask_wtf._compat import FlaskWTFDeprecationWarning
 
 
-class TestForm(TestCase):
+class TestDeprecated(TestCase):
     def test_deprecated_form(self):
         with warnings.catch_warnings():
             warnings.simplefilter('error', FlaskWTFDeprecationWarning)
@@ -38,3 +38,8 @@ class F(FlaskForm):
         with warnings.catch_warnings():
             warnings.simplefilter('error', FlaskWTFDeprecationWarning)
             self.assertRaises(FlaskWTFDeprecationWarning, F, csrf_enabled=False)
+
+    def test_deprecated_csrfprotect(self):
+        with warnings.catch_warnings():
+            warnings.simplefilter('error', FlaskWTFDeprecationWarning)
+            self.assertRaises(FlaskWTFDeprecationWarning, CsrfProtect)