tested timer field
parent
e66ac2e8bd
commit
8f88cd6d2c
39
main.py
39
main.py
@ -134,22 +134,22 @@ def submission ():
|
||||
response.status = 500
|
||||
return resp('error', 'La base de donnée n’est pas accessible.')
|
||||
|
||||
# Did the bot filled the honeypot field?
|
||||
if 'honeypotfield' in form and form['honeypotfield'] in request.forms and request.forms.get(form['honeypotfield']) != '':
|
||||
response.status = 400
|
||||
return resp('error', 'We identified you as a bot. If this is an error, try to contact us via another way.')
|
||||
# Is the js timer enabled?
|
||||
if 'timerdelay' in form:
|
||||
# Did it work?
|
||||
if 'timerfield' not in request.forms or request.forms.get('timerfield') < form['timerdelay']:
|
||||
response.status = 400
|
||||
return resp('error', 'We identified you as a bot. If this is an error, try to contact us via another way.')
|
||||
|
||||
try:
|
||||
subject_fields = fill_fields(request, get_fields(form['subject']))
|
||||
content_fields = fill_fields(request, get_fields(form['content']))
|
||||
# Did the bot filled the honeypot field?
|
||||
if 'honeypotfield' in form and form['honeypotfield'] in request.forms and request.forms.get(form['honeypotfield']) != '':
|
||||
response.status = 400
|
||||
return resp('error', 'We identified you as a bot. If this is an error, try to contact us via another way.')
|
||||
# Is the js timer enabled?
|
||||
if 'timerdelay' in form:
|
||||
# Did it work?
|
||||
if 'timerfield' not in request.forms or request.forms.get('timerfield') < form['timerdelay']:
|
||||
response.status = 400
|
||||
return resp('error', 'We identified you as a bot. If this is an error, try to contact us via another way.')
|
||||
|
||||
except MissingParameterException as e:
|
||||
response.status = 404
|
||||
response.status = 400
|
||||
return resp('error', str(e))
|
||||
|
||||
subject = re.sub(form_regex, r'{\1}', form['subject']).format(**subject_fields)
|
||||
@ -270,10 +270,6 @@ def create_form ():
|
||||
response.status = 400
|
||||
return resp('error', 'Le champs « contenu » est requis')
|
||||
|
||||
if 'honeypotfield' in request.forms:
|
||||
honeypotfield = request.forms.getunicode('honeypotfield')
|
||||
else:
|
||||
honeypotfield = None
|
||||
|
||||
# Getting from address
|
||||
if 'mail' in request.forms:
|
||||
@ -290,14 +286,19 @@ def create_form ():
|
||||
# TODO limit the insertion rate
|
||||
token = ''.join(random.sample(token_chars, token_len))
|
||||
try:
|
||||
inserted = mongodb_database['forms'].insert_one({
|
||||
newEntry = {
|
||||
'mail': mail,
|
||||
'content': content,
|
||||
'subject': subject,
|
||||
'user_id': user['_id'],
|
||||
'token': token,
|
||||
'honeypotfield': honeypotfield,
|
||||
})
|
||||
}
|
||||
if 'honeypotfield' in request.forms:
|
||||
newEntry['honeypotfield'] = request.forms.getunicode('honeypotfield')
|
||||
if 'timerdelay' in request.forms:
|
||||
newEntry['timerdelay'] = request.forms.getunicode('timerdelay')
|
||||
|
||||
inserted = mongodb_database['forms'].insert_one(newEntry)
|
||||
except pymongo.errors.ServerSelectionTimeoutError as e:
|
||||
response.status = 500
|
||||
return resp('error', 'La base de donnée n’est pas accessible')
|
||||
|
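Review bot: The timer check in submission() compares `request.forms.get('timerfield')` with `form['timerdelay']` as text, because create_form() stores `timerdelay` straight from `getunicode()` and the submitted field is, as far as this page shows, also a string; string ordering is lexicographic, so a submitted '9' is not less than a stored '10' and passes the check. Compare numbers and reject non-numeric input instead, e.g. `tf = request.forms.get('timerfield', '')` followed by `if not tf.isdecimal() or int(tf) < int(form['timerdelay']):`, and have create_form() validate the value and store `int(...)`, answering 400 on a bad one. Since the field is filled in by the client, this check only filters naive bots and should stay alongside the honeypot and the rate limit named in the TODO. Both function bodies extend beyond the hunks shown.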
@ -7,7 +7,8 @@
|
||||
<body>
|
||||
<div id="contact-mailer-message"></div>
|
||||
<form action="http://localhost:8080/submit" method="POST" id="contact-mailer-form">
|
||||
<input type="hidden" name="token" value="sYMXDz5UKuRF38LbQl20ikrmp7nhHcxTCgGZodqAaBtSvPOV4f" />
|
||||
<noscript>Les protections anti-spam, nécéssitent l’utilisation de javascript. Rien d’intrusif normalement.</noscript>
|
||||
<input type="hidden" name="token" value="PK8gQHDx9VoJ7yuEhbj5iCZkcUOAqTYlRSN14XFtdfr3LBs0zn" />
|
||||
<div>
|
||||
<label for="nom">Votre nom :</label>
|
||||
<input type="text" name="nom" required="required"/>
|
||||
|