From 8f88cd6d2c5ddfec9096629c790bbe6607fd78a6 Mon Sep 17 00:00:00 2001
From: Adrian Amaglio
Date: Thu, 17 Sep 2020 16:19:39 +0200
Subject: [PATCH] tested timer field
---
main.py | 39 ++++++++++++++++++++-------------------
test.html | 3 ++-
2 files changed, 22 insertions(+), 20 deletions(-)
diff --git a/main.py b/main.py
index aa17353..b0337fb 100755
--- a/main.py
+++ b/main.py
@@ -134,22 +134,22 @@ def submission ():
 response.status = 500
 return resp('error', 'La base de donnée n’est pas accessible.')
+ # Did the bot filled the honeypot field?
+ if 'honeypotfield' in form and form['honeypotfield'] in request.forms and request.forms.get(form['honeypotfield']) != '':
+ response.status = 400
+ return resp('error', 'We identified you as a bot. If this is an error, try to contact us via another way.')
+ # Is the js timer enabled?
+ if 'timerdelay' in form:
+ # Did it work?
+ if 'timerfield' not in request.forms or request.forms.get('timerfield') < form['timerdelay']:
+ response.status = 400
+ return resp('error', 'We identified you as a bot. If this is an error, try to contact us via another way.')
+
 try:
 subject_fields = fill_fields(request, get_fields(form['subject']))
 content_fields = fill_fields(request, get_fields(form['content']))
- # Did the bot filled the honeypot field?
- if 'honeypotfield' in form and form['honeypotfield'] in request.forms and request.forms.get(form['honeypotfield']) != '':
- response.status = 400
- return resp('error', 'We identified you as a bot. If this is an error, try to contact us via another way.')
- # Is the js timer enabled?
- if 'timerdelay' in form:
- # Did it work?
- if 'timerfield' not in request.forms or request.forms.get('timerfield') < form['timerdelay']:
- response.status = 400
- return resp('error', 'We identified you as a bot. If this is an error, try to contact us via another way.')
-
 except MissingParameterException as e:
- response.status = 404
+ response.status = 400
 return resp('error', str(e))
 subject = re.sub(form_regex, r'{\1}', form['subject']).format(**subject_fields)
@@ -270,10 +270,6 @@ def create_form ():
 response.status = 400
 return resp('error', 'Le champs « contenu » est requis')
- if 'honeypotfield' in request.forms:
- honeypotfield = request.forms.getunicode('honeypotfield')
- else:
- honeypotfield = None
 # Getting from address
 if 'mail' in request.forms:
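Review bot: The timer check on the new side, `request.forms.get('timerfield') < form['timerdelay']`, compares two strings, so the ordering is lexicographic rather than numeric: `'5' < '10'` is False and `'1000' < '9'` is True, so a submission faster than the configured delay can pass and a slow one can be rejected depending on digit count (and if the stored delay were ever an int, the comparison would raise TypeError and the request would fail with a 500). Both values should be converted to integers before comparing, with a missing or non-numeric `timerfield` treated as a failed check rather than an unhandled ValueError. `form['timerdelay']` is stored as the raw string from `getunicode` in the third hunk of this commit, so the `int()` on the stored value can still raise unless the value is validated at form creation; that validation belongs there, which keeps this check simple. `submission()` begins before and continues after this hunk.
```python
    # Is the js timer enabled?
    if 'timerdelay' in form:
        # Did it work?  Both values are strings, so compare them as integers;
        # a missing or non-numeric timerfield counts as a failed check.
        try:
            elapsed = int(request.forms.get('timerfield', ''))
        except ValueError:
            elapsed = -1
        if elapsed < int(form['timerdelay']):
            response.status = 400
            return resp('error', 'We identified you as a bot. If this is an error, try to contact us via another way.')
    # … unchanged: try/except around fill_fields …
```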
@@ -290,14 +286,19 @@ def create_form ():
 # TODO limit the insertion rate
 token = ''.join(random.sample(token_chars, token_len))
 try:
- inserted = mongodb_database['forms'].insert_one({
+ newEntry = {
 'mail': mail,
 'content': content,
 'subject': subject,
 'user_id': user['_id'],
 'token': token,
- 'honeypotfield': honeypotfield,
- })
+ }
+ if 'honeypotfield' in request.forms:
+ newEntry['honeypotfield'] = request.forms.getunicode('honeypotfield')
+ if 'timerdelay' in request.forms:
+ newEntry['timerdelay'] = request.forms.getunicode('timerdelay')
+
+ inserted = mongodb_database['forms'].insert_one(newEntry)
 except pymongo.errors.ServerSelectionTimeoutError as e:
 response.status = 500
 return resp('error', 'La base de donnée n’est pas accessible')
diff --git a/test.html b/test.html
index 52c83be..139bf61 100644
--- a/test.html
+++ b/test.html
@@ -7,7 +7,8 @@
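Review bot: `newEntry['timerdelay'] = request.forms.getunicode('timerdelay')` stores whatever string the client sent without checking that it is a number, even though `submission()` (first hunk) uses it as the lower bound of an ordering comparison; a non-numeric value cannot be compared meaningfully there, and once that comparison is made numeric a bad stored value would raise on every submission to that form. Validate it here the way `create_form()` already rejects other bad fields with `response.status = 400`: convert with `int()`, return an error response on `ValueError`, and store the integer (the French message in the sketch below is placeholder wording matching the file's other messages). `newEntry` also breaks the file's snake_case convention (`subject_fields`, `token_chars`); `new_entry` would match. `create_form()` begins before and continues after this hunk.
```python
    # Validate the optional bot-timer delay before touching the database.
    timerdelay = None
    if 'timerdelay' in request.forms:
        try:
            timerdelay = int(request.forms.getunicode('timerdelay'))
        except ValueError:
            response.status = 400
            return resp('error', 'Le champs « timerdelay » doit être un entier')
    try:
        new_entry = {
            # … unchanged: mail, content, subject, user_id, token …
        }
        if 'honeypotfield' in request.forms:
            new_entry['honeypotfield'] = request.forms.getunicode('honeypotfield')
        if timerdelay is not None:
            new_entry['timerdelay'] = timerdelay

        inserted = mongodb_database['forms'].insert_one(new_entry)
    # … unchanged: except pymongo.errors.ServerSelectionTimeoutError …
```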
- + +