misc: add antibot honeypot (#38676)
parent
16457ffd0e
commit
2b19ab5e86
|
@ -7976,3 +7976,14 @@ def test_after_submit_location(pub):
|
|||
resp.form['comment'] = 'plop'
|
||||
resp = resp.form.submit('submit')
|
||||
assert resp.location == 'http://example.net/test/1/#'
|
||||
|
||||
|
||||
def test_form_honeypot(pub):
|
||||
formdef = create_formdef()
|
||||
formdef.fields = [fields.StringField(id='0', label='string', required=False)]
|
||||
formdef.store()
|
||||
formdef.data_class().wipe()
|
||||
resp = get_app(pub).get('/test/')
|
||||
resp.forms[0]['f00'] = 'honey?'
|
||||
resp = resp.forms[0].submit('submit')
|
||||
assert 'Honey pot should be left untouched.' in resp
|
||||
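Review bot: test_form_honeypot only asserts that the error text is rendered; it never checks that the submission was actually rejected, nor that a normal submission with `f00` left empty still succeeds. After the submit, assert that `formdef.data_class()` holds no stored form (for example `assert formdef.data_class().count() == 0`, if that accessor is available in this test module). A second pass that fills only the real string field and expects the usual post-submit flow would cover the other side, so a regression that rejects every submission, or one that shows the message but still saves the data, would be caught.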
|
|
|
@ -455,6 +455,12 @@ class FormPage(Directory, FormTemplateMixin):
|
|||
form.add_submit('savedraft', _('Save Draft'), css_class='save-draft',
|
||||
attrs={'style': 'display: none'})
|
||||
|
||||
# add fake field as honey pot
|
||||
honeypot = form.add(StringWidget, 'f00', value='',
|
||||
title=_('leave this field blank to prove your humanity'),
|
||||
size=25)
|
||||
honeypot.is_hidden = True
|
||||
|
||||
context = {
|
||||
'view': self,
|
||||
'form': form,
|
||||
|
@ -840,6 +846,11 @@ class FormPage(Directory, FormTemplateMixin):
|
|||
form.set_error('post_condition%d' % i, 'error')
|
||||
page_error_messages.append(error_message)
|
||||
|
||||
if get_request().form.get('f00'): # 🍯
|
||||
form.add(HiddenErrorWidget, 'honeypot')
|
||||
form.set_error('honeypot', 'error')
|
||||
page_error_messages.append(_('Honey pot should be left untouched.'))
|
||||
|
||||
# form.get_submit() returns the name of the clicked button, and
|
||||
# it will return True if the form has been submitted, but not
|
||||
# by clicking on a submit widget; for example if an "add row"
|
||||
|
|
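Review bot: The literal `'f00'` is written once where the widget is added and again in `get_request().form.get('f00')`, so renaming it in one place would silently disable the trap; a shared constant such as `HONEYPOT_FIELD_NAME = 'f00'` used in both hunks keeps them in step. A hidden text input can also be filled by browser autofill or a password manager, which would block a legitimate user with an error about a field they cannot see. Consider passing `attrs={'autocomplete': 'off', 'tabindex': '-1'}` to the widget, assuming `StringWidget` accepts `attrs` the way `add_submit` does just above. Neither hunk records the hit, so a log entry next to `form.set_error('honeypot', 'error')` would let operators measure bot traffic and spot false positives. Both enclosing methods start and end outside the hunks, so whether every submit path reaches this check cannot be confirmed from here.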