From e66ac2e8bdd35a310d93ca009a33f14fd73e2558 Mon Sep 17 00:00:00 2001
From: Adrian Amaglio
Date: Thu, 17 Sep 2020 16:08:46 +0200
Subject: [PATCH] First work on timer field against bots

---
 client/index.js | 10 ++++++++++
 main.py | 6 ++++++
 2 files changed, 16 insertions(+)

diff --git a/client/index.js b/client/index.js
index e515f12..e3186a0 100644
--- a/client/index.js
+++ b/client/index.js
@@ -74,6 +74,14 @@ function jeanCloudContactFormIntercept (formId, notifier) {
 loadingText.classList.add("contact-mailer-sending");
 loadingText.textContent = 'Envoi en cours…'
 submitButton.after(loadingText)
+
+ /* Add the filling timer in seconds */
+ const timerField = document.createElement('input')
+ timerField.value = Math.round((Date.now() - contactMailerPageLoadedTime) / 1000)
+ timerField.name = 'timerfield'
+ timerField.hidden = 'hidden'
+ formElem.appendChild(timerField)
+
 /* XHR */
 fetch(formElem.action, {
 method: formElem.method,
@@ -115,3 +123,5 @@ function jeanCloudContactFormIntercept (formId, notifier) {
 // cat style.css | openssl dgst -sha384 -binary | openssl base64 -A
 document.head.appendChild(link);
 })()
+
+var contactMailerPageLoadedTime = Date.now()
diff --git a/main.py b/main.py
index d22dee3..aa17353 100755
--- a/main.py
+++ b/main.py
@@ -141,6 +141,12 @@ def submission ():
 if 'honeypotfield' in form and form['honeypotfield'] in request.forms and request.forms.get(form['honeypotfield']) != '':
 response.status = 400
 return resp('error', 'We identified you as a bot. If this is an error, try to contact us via another way.')
+ # Is the js timer enabled?
+ if 'timerdelay' in form:
+ # Did it work?
+ if 'timerfield' not in request.forms or request.forms.get('timerfield') < form['timerdelay']:
+ response.status = 400
+ return resp('error', 'We identified you as a bot. If this is an error, try to contact us via another way.')
 except MissingParameterException as e:
 response.status = 404
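Review bot: The elapsed time in `timerField.value` is computed in the browser and posted as an ordinary form field, so the server check added in main.py only filters clients that report a short time themselves. The comment should say so, e.g. `/* Seconds since this script loaded; client-reported, so only a heuristic against naive bots */`. Each intercepted submit also appends a fresh `timerfield` input, so if the form can be submitted again after a failed send it will carry several of them; looking one up first with `formElem.querySelector('[name=timerfield]')` and updating its value avoids that. `timerField.type = 'hidden'` is the conventional way to create a hidden input, rather than assigning a string to the boolean `hidden` property. The enclosing function starts and ends outside the hunk.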
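Review bot: `contactMailerPageLoadedTime` is declared with `var` on the last line of the file, which makes it a reassignable global that any other script on the page can overwrite if this file is loaded as a classic script. `const contactMailerPageLoadedTime = Date.now()` placed above `jeanCloudContactFormIntercept` would keep the baseline read-only and next to the code that reads it. The value records when this script was evaluated rather than when the page finished loading, which a one-line comment on the declaration could state.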
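Review bot: `request.forms.get('timerfield') < form['timerdelay']` compares the raw form string with the configured delay without converting either side. If `timerdelay` is loaded as a number, Python 3 raises TypeError on this line, which the visible `except MissingParameterException` does not catch (a handler outside the hunk might); if it is loaded as a string, the comparison is lexicographic, so '9' is not less than '10'. The submitted value should be parsed as an integer, with missing or non-numeric input rejected through the same 400 response. The type of `form['timerdelay']` is not visible here, so the `int()` around it below is a precaution, and `submission` starts and ends outside the hunk.

```python
# Is the js timer enabled?
if 'timerdelay' in form:
    # The field arrives as text: parse it, and treat a missing or non-numeric value as a failed check.
    try:
        elapsed = int(request.forms.get('timerfield', ''))
    except ValueError:
        elapsed = None
    if elapsed is None or elapsed < int(form['timerdelay']):
        # … unchanged: 400 status and the bot error response …
```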