added support for client-side form spam-protection (captcha/honeypot)

data/submit_apps.json

@@ -16,7 +16,9 @@
       "type": "form",
       "class_list": "responsive",
       "property_dict": {
-        "editable": true
+        "editable": true,
+        "captcha": "captcha",
+        "public_key": "6Ldpb-oSAAAAAGwriKpk4ol1n4yjN_as6M4xv0zA"
       },
       "children": [{
         "generate": "widget",

js/erp5_loader.js

@@ -12,7 +12,37 @@
     // ERP5 custom methods
     erp5 = {},
     // JQM content erateerator
-    factory = {};
+    factory = {},
+
+    // renderJS
+    javascript_registration_dict = {},
+    renderJS = {};
+
+  /* ====================================================================== */
+  /*                              MAPPING ERP5                              */
+  /* ====================================================================== */
+  renderJS.declareJS = function (url) {
+    var result;
+    if (javascript_registration_dict.hasOwnProperty(url)) {
+      result = RSVP.resolve();
+    } else {
+      result = new RSVP.Promise(function (resolve, reject) {
+        var newScript;
+        newScript = document.createElement('script');
+        newScript.type = 'text/javascript';
+        newScript.src = url;
+        newScript.onload = function () {
+          javascript_registration_dict[url] = null;
+          resolve();
+        };
+        newScript.onerror = function (e) {
+          reject(e);
+        };
+        document.head.appendChild(newScript);
+      });
+    }
+    return result;
+  };
 
   /* ====================================================================== */
   /*                              MAPPING ERP5                              */
@@ -1358,11 +1388,24 @@
       doc,
       config,
       value,
+      secure = spec.property_dict.captcha,
+      safety_box,
+      noscript,
       fragment = factory.util.wrapInForm(spec),
-      wrap = function (area) {
+      wrap = function (area, captcha) {
+        var keys = {};
+
+        // set key so it can be retrieved when binding the form
+        if (captcha) {
+          keys.id = spec.id + "_captcha";
+          keys["data-key"] = spec.property_dict.public_key;
+        }
+
         return factory.generateElement(
           "div",
-          {"className": "span_" + area}
+          {"className": "span_" + area},
+          {},
+          keys
         );
       };
 
@@ -1405,12 +1448,26 @@
       fragment.appendChild(container);
     }
 
+    // set captcha or anti spam protection
+    switch (secure) {
+      case "default":
+        console.log("secure silently")
+      break;
+      case "captcha":
+        if (spec.property_dict.public_key) {
+          safety_box = wrap(1, true);
+          fragment.appendChild(safety_box);
+        } else {
+          util.errorHandler({"error": "Captcha - No public key supplied"});
+        }
+      break;
+    }
+
     // children (default to 1 or 2? crap!)
     for (k = 0; k < spec.children.length; k += 1) {
       // pass reference
       element = spec.children[k];
       if (spec.form) {
-        // NOTE: I prefer element["reference"] JSLINT does not
         element.reference = spec.id;
       }
       container = wrap(1);
@@ -3819,6 +3876,8 @@
       j,
       form_element,
       filterable,
+      captcha,
+      result,
       form_list = document.getElementsByTagName("form"),
       filter_list = document.querySelectorAll("[data-filter]");
 
@@ -3835,9 +3894,21 @@
     // add validation to all forms
     for (j = 0; j < form_list.length; j += 1) {
       form_element = form_list[j];
-//       console.log("foo, we have a form")
-// 
-//       console.log(form_element);
+      captcha = document.getElementById(form_element.id + "_captcha");
+
+      // add captcha
+      if (captcha) {
+        renderJS.declareJS(
+          "http://www.google.com/recaptcha/api/js/recaptcha_ajax.js"
+        ).then(function(e) {
+          Recaptcha.create(
+            captcha.getAttribute("data-key"),
+            captcha.id,
+            {"theme": "red", "callback": Recaptcha.focus_response_field}
+          );
+        }).fail(util.errorHandler);
+      }
+
       if (form_element.getAttribute("data-bound") === null) {
         form_element.setAttribute("data-bound", true);