From e2465e2874089561df2b8683ab0d5de412a65a5a Mon Sep 17 00:00:00 2001
From: Adrian Amaglio
Date: Thu, 8 Oct 2020 20:17:48 +0200
Subject: [PATCH] fix field control
---
 client/index.js | 3 +++
 main.py | 12 +++++++++---
 2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/client/index.js b/client/index.js
index e3186a0..27137da 100644
--- a/client/index.js
+++ b/client/index.js
@@ -106,6 +106,9 @@ function jeanCloudContactFormIntercept (formId, notifier) {
 loadingText.parentNode.removeChild(loadingText)
 notifier.error('Impossible d’envoyer le formulaire. Vérifiez votre connexion internet ou réessayez plus tard.')
 })
+
+ /* Remove timer field after xhr. So we can try again. */
+ formElem.removeChild(timerField)
 }
 }
diff --git a/main.py b/main.py
index b0337fb..bf494df 100755
--- a/main.py
+++ b/main.py
@@ -46,7 +46,6 @@ class EnableCors(object):
 return _enable_cors
 app = application = bottle.Bottle(catchall=False)
-#app.install(EnableCors())
 ##################################################### Configuration ############################################
@@ -86,7 +85,7 @@ smtp_server_password = get_env('SMTP_SERVER_PASSWORD')
 smtp_server_sender = get_env('SMTP_SERVER_SENDER')
 # Get mongodb connection
-mongodb_host = get_env('MONGODB_HOST')
+mongodb_host = get_env('MONGODB_HOST')
 mongodb_port = get_env('MONGODB_PORT', '27017')
 mongodb_dbname = get_env('MONGODB_DBNAME', 'contact_mailer')
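Review bot: In the client/index.js hunk, `formElem.removeChild(timerField)` runs unconditionally at the end of the handler, and `removeChild` throws if `timerField` is not currently a child of `formElem`. Whether the field is always appended before this point is not visible here, since jeanCloudContactFormIntercept starts outside the hunk; if any path skips it, the cleanup would abort the handler. A guard such as `if (timerField && timerField.parentNode === formElem) formElem.removeChild(timerField)` keeps the retry behaviour without that failure mode. The comment says "after xhr", but as placed the removal appears to run right after the request is started rather than in its completion callback, so the wording could be made exact.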
@@ -137,11 +136,13 @@ def submission ():
 # Did the bot filled the honeypot field?
 if 'honeypotfield' in form and form['honeypotfield'] in request.forms and request.forms.get(form['honeypotfield']) != '':
 response.status = 400
+ print('honeypotfield')
 return resp('error', 'We identified you as a bot. If this is an error, try to contact us via another way.')
 # Is the js timer enabled?
 if 'timerdelay' in form:
 # Did it work?
- if 'timerfield' not in request.forms or request.forms.get('timerfield') < form['timerdelay']:
+ if 'timerfield' not in request.forms or int(request.forms.get('timerfield')) < int(form['timerdelay']):
+ print('timer : {}/{}'.format(request.forms.get('timerfield'), form['timerdelay']))
 response.status = 400
 return resp('error', 'We identified you as a bot. If this is an error, try to contact us via another way.')
@@ -190,9 +191,13 @@ def fill_fields(request, fields):
 """Look for fields in request and fill fields dict with values or let default ones. If the value is required, throw exception."""
 for field in fields:
 if field in request.forms:
+ if request.forms.get(field).strip() == '' and fields[field] is None: # If empty and mandatory
+ raise MissingParameterException("Le champs {} doit être rempli".format(field))
 fields[field] = request.forms.getunicode(field)
 if fields[field] is None: # if unicode failed
 fields[field] = request.forms.get(field)
+ if fields[field] is None: # if get failed too
+ raise Exception("Error, field '{}' not gettable".format(field))
 elif fields[field] is None:
 raise MissingParameterException("Le champs {} est obligatoire".format(field))
 return fields
@@ -418,6 +423,7 @@ def delete_user (username):
 ##################################################### app startup ############################################
 if __name__ == '__main__':
+ app.install(EnableCors())
 bottle.run(app=StripPathMiddleware(app), host=listen_address, port=listen_port, debug=True)
 else:
 prod_app = StripPathMiddleware(app)
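Review bot: In the `submission` hunk, `int(request.forms.get('timerfield'))` raises `ValueError` on any non-numeric value, and the field is client-supplied. The app is created with `bottle.Bottle(catchall=False)` (visible in the first main.py hunk), so the exception is not turned into the intended 400 response and instead propagates to the server. Parse the client value inside a `try` and treat a parse failure as a failed check; the added `print` also writes the raw client value to the log, so format it with `{!r}`. Because the elapsed time is reported by the client, this check only filters naive bots and should stay paired with the honeypot field. `submission` starts and ends outside the hunk.

```python
    if 'timerdelay' in form:
        # A missing or non-numeric timer value fails the check instead of raising.
        try:
            elapsed = int(request.forms.get('timerfield', ''))
        except ValueError:
            elapsed = None
        if elapsed is None or elapsed < int(form['timerdelay']):
            print('timer : {!r}/{}'.format(request.forms.get('timerfield'), form['timerdelay']))
            # … unchanged: response.status = 400 and the error resp …
```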
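Review bot: In the `fill_fields` hunk, the added `if fields[field] is None: # if get failed too` branch appears unreachable: a few lines earlier the same `request.forms.get(field)` value is already dereferenced with `.strip()`, which would raise `AttributeError` first if it were `None`. If a missing value is a real possibility, do the `None` check before `.strip()` by reading the value once, `value = request.forms.get(field)`, and test `value is None` there. Raising a bare `Exception` also bypasses whatever handles `MissingParameterException` in the caller (not visible here), so a dedicated or existing exception type would keep the error path consistent.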
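Review bot: In the app-startup hunk, `app.install(EnableCors())` is now applied only under `if __name__ == '__main__':`, so the `prod_app` built in the `else` branch gets no CORS plugin, and nothing in the hunk says that is intended. A one-line comment above the install would document it, for example `# CORS plugin is for the built-in dev server only; production CORS headers are set outside this app`, adjusted to match the actual deployment. The headers that `EnableCors` emits are outside this hunk, so check that the allowed origin is restricted before relying on it beyond local development.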