misc: add antibot feature to tracking code reminder email form (#50697)

2021-01-30 12:26:25 +01:00 · 2021-01-30 12:26:25 +01:00 · c4373a63e9
parent 79dd178c9d
commit c4373a63e9
2 changed files with 33 additions and 2 deletions
--- a/tests/form_pages/test_all.py
+++ b/tests/form_pages/test_all.py
@ -1838,6 +1838,31 @@ def test_form_tracking_code_email(pub, emails, nocache):
    assert resp.forms[1]['f0'].value == 'barfoo'


+def test_form_tracking_code_email_antibot(pub, emails, nocache):
+    formdef = create_formdef()
+    formdef.data_class().wipe()
+    formdef.fields = [fields.StringField(id='0', label='string'),
+                      fields.StringField(id='1', label='string2')]
+    formdef.enable_tracking_codes = True
+    formdef.store()
+
+    app = get_app(pub)
+    resp = app.get('/test/')
+    resp.form['f0'] = 'barfoo'
+    # autosave will be made using javascript in real world
+    app.post('/test/autosave', params=resp.form.submit_fields())
+
+    tracking_code = get_displayed_tracking_code(resp)
+    assert tracking_code is not None
+
+    resp = get_app(pub).get('/test/code/%s/' % tracking_code)
+    assert '<h2>Keep your tracking code</h2>' in resp.text
+    resp.forms[0]['email'] = 'foo@localhost'
+    resp.forms[0]['validation'].checked = True  # stupit bot will do that
+    resp = resp.forms[0].submit()
+    assert not emails.emails.values()
+
+
 def test_form_tracking_code_remove_draft(pub, nocache):
    formdef = create_formdef()
    formdef.fields = [fields.StringField(id='0', label='string')]
--- a/wcs/forms/root.py
+++ b/wcs/forms/root.py
@ -124,6 +124,9 @@ class TrackingCodeDirectory(Directory):
        else:
            email = None
        form.add(EmailWidget, 'email', value=email, title=_('Email'), size=25, required=True, attrs={'required': 'required'})
+        form.widgets.append(HtmlWidget('<div style="display: none">'))
+        form.add(CheckboxWidget, 'validation', required=False, title=_('Leave unchecked or the email will NOT be sent.'))
+        form.widgets.append(HtmlWidget('</div>'))
        form.add_submit('submit', _('Send email'))
        form.add_submit('cancel', _('Cancel'))

@ -138,8 +141,11 @@ class TrackingCodeDirectory(Directory):
                    'email': email
                    }
            data.update(self.formdef.get_substitution_variables(minimal=True))
-            emails.custom_template_email('tracking-code-reminder', data,
-                        email, fire_and_forget=True)
+            if not form.get_widget('validation').parse():
+                # only send email if the antibot validation checkbox has not
+                # been checked.
+                emails.custom_template_email('tracking-code-reminder', data,
+                            email, fire_and_forget=True)
            return redirect('./load')

        html_top()