prodcut/ERP5Form: add HoneypotField to prevent unexpected submit value

bdfc4512 · Xiaowu Zhang · 95509493 · bdfc4512 · bdfc4512 · bdfc4512
Commit bdfc4512 authored Oct 17, 2018 by Xiaowu Zhang
3 changed files
--- a/product/ERP5Form/HoneypotField.py
+++ b/product/ERP5Form/HoneypotField.py
+from Products.Formulator.Field import ZMIField
+from Products.Formulator import Widget
+from Products.Formulator.DummyField import fields
+from Products.Formulator import Validator
+
+class HoneypotWidget(Widget.Widget):
+  """Honeypot widget
+  """
+  property_names = Widget.Widget.property_names +\
+                    ['extra']
+  default = Widget.TextWidget.default
+  def render(self, field, key, value, REQUEST, render_prefix=None):
+    """Honey pot input field.
+    """
+    return Widget.render_element("input",
+                          type='text',
+                          name=key,
+                          css_class=field.get_value('css_class'),
+                          value=value,
+                          extra=field.get_value('extra'))
+
+  def render_view(self, field, value, REQUEST=None, render_prefix=None, key=None):
+    return self.render(field, key, value, REQUEST, render_prefix)
+
+HoneypotWidgetInstance = HoneypotWidget()
+
+class HoneypotValidator(Validator.Validator):
+    """Simple honeypot validator.
+    """
+    property_names = Validator.Validator.property_names
+
+    message_names = Validator.Validator.message_names + ['unexpected_value']
+    unexpected_value = 'Unexpected value'
+
+    def validate(self, field, key, REQUEST):
+      value = REQUEST.get(key, None)
+      if value is None or value != '':
+        #this field is not sent or sent with value
+        self.raise_error('unexpected_value', field)
+      return value
+
+HoneypotValidatorInstance = HoneypotValidator()
+
+class HoneypotField(ZMIField):
+  #Field to stop auto bot submit
+  #https://nedbatchelder.com/text/stopbots.html
+  meta_type = "HoneypotField"
+
+  widget = HoneypotWidgetInstance
+  validator = HoneypotValidatorInstance
--- a/product/ERP5Form/__init__.py
+++ b/product/ERP5Form/__init__.py
@@ -166,6 +166,9 @@ def initialize( context ):
    import GadgetField
    FieldRegistry.registerField(GadgetField.GadgetField,
                                'www/StringField.gif')
+    import HoneypotField
+    FieldRegistry.registerField(HoneypotField.HoneypotField,
+                                'www/StringField.gif')

    # register help for the product
    context.registerHelp()

--- a/product/ERP5Form/tests/testHoneypotField.py
+++ b/product/ERP5Form/tests/testHoneypotField.py
+# -*- coding: utf-8 -*-
+##############################################################################
+#
+# Copyright (c) 2007 Nexedi SARL and Contributors. All Rights Reserved.
+#          Jerome Perrin <jerome@nexedi.com>
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsability of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# garantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+##############################################################################
+
+# TODO: Some tests from this file can be merged into Formulator
+
+from Products.ERP5Type.tests.ERP5TypeTestCase import ERP5TypeTestCase
+import unittest
+from Products.Formulator.Validator import ValidationError
+from Products.ERP5Form import HoneypotField
+from Products.Formulator.StandardFields import FloatField
+
+class TestHoneypotField(ERP5TypeTestCase):
+  """Tests Honeypot field
+  """
+
+  def getTitle(self):
+    return "Honeypot Field"
+
+  def afterSetUp(self):
+    self.field = HoneypotField.HoneypotField('test_field')
+    self.widget = self.field.widget
+    self.validator = self.field.validator
+
+  def test_raise_error_when_no_value_submit(self):
+    self.assertRaises(ValidationError,
+      self.validator.validate, self.field, 'field_test_field',
+      self.portal.REQUEST)
+
+  def test_raise_error_when_not_empty_value_submit(self):
+    self.portal.REQUEST.set('field_test_field', 'test')
+    self.assertRaises(ValidationError,
+      self.validator.validate, self.field, 'field_test_field',
+      self.portal.REQUEST)
+   
+  def test_ok_when_empty_value_submit(self):
+     self.portal.REQUEST.set('field_test_field', '')
+     self.assertEqual('', self.validator.validate(self.field, 'field_test_field',
+     self.portal.REQUEST))
+
+def test_suite():
+  suite = unittest.TestSuite()
+  suite.addTest(unittest.makeSuite(TestHoneypotField))
+  return suite