Commit d1d032ba authored by Xiaowu Zhang's avatar Xiaowu Zhang

prodcut/ERP5Form: add HoneypotField to prevent auto bot submit

parent e9cc6f29
from Products.Formulator.Field import ZMIField
from Products.Formulator import Widget
from Products.Formulator.DummyField import fields
from Products.Formulator import Validator
class HoneypotWidget(Widget.Widget):
"""Honeypot widget
"""
property_names = Widget.Widget.property_names +\
['input_type', 'extra']
default = Widget.TextWidget.default
input_type = fields.StringField('input_type',
title='Input type',
description=(
"The type of the input field like 'color', 'date', 'email' etc."
"Note input types, not supported by old web browsers, will behave "
"as input type text."),
default="text",
required=0)
def render(self, field, key, value, REQUEST, render_prefix=None):
"""Honey pot input field.
"""
input_type = field.get_value('input_type') or 'text'
return Widget.render_element("input",
type=input_type,
name=key,
css_class=field.get_value('css_class'),
value=value,
extra=field.get_value('extra'))
def render_view(self, field, value, REQUEST=None, render_prefix=None, key=None):
return self.render(field, key, value, REQUEST, render_prefix)
HoneypotWidgetInstance = HoneypotWidget()
class HoneypotValidator(Validator.Validator):
"""Simple honeypot validator.
"""
property_names = Validator.Validator.property_names
message_names = Validator.Validator.message_names + ['no_validator']
no_validator = 'A bot may try to submit.'
def validate(self, field, key, REQUEST):
# We had to add this patch for hidden fields of type "list"
value = REQUEST.get(key, REQUEST.get('default_%s' % (key, )))
default_value = field.get_value('default')
if value is None or value != default_value:
#this field is not sent or sent with value added by bot
self.raise_error('no_validator', field)
return default_value
HoneypotValidatorInstance = HoneypotValidator()
class HoneypotField(ZMIField):
meta_type = "HoneypotField"
widget = HoneypotWidgetInstance
validator = HoneypotValidatorInstance
......@@ -166,6 +166,9 @@ def initialize( context ):
import GadgetField
FieldRegistry.registerField(GadgetField.GadgetField,
'www/StringField.gif')
import HoneypotField
FieldRegistry.registerField(HoneypotField.HoneypotField,
'www/StringField.gif')
# register help for the product
context.registerHelp()
......
# -*- coding: utf-8 -*-
##############################################################################
#
# Copyright (c) 2007 Nexedi SARL and Contributors. All Rights Reserved.
# Jerome Perrin <jerome@nexedi.com>
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsability of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# garantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
# TODO: Some tests from this file can be merged into Formulator
from Products.ERP5Type.tests.ERP5TypeTestCase import ERP5TypeTestCase
import unittest
from Products.Formulator.Validator import ValidationError
from Products.ERP5Form import HoneypotField
from Products.Formulator.StandardFields import FloatField
class TestHoneypotField(ERP5TypeTestCase):
"""Tests Honeypot field
"""
def getTitle(self):
return "Honeypot Field"
def afterSetUp(self):
self.field = HoneypotField.HoneypotField('test_field')
self.widget = self.field.widget
self.validator = self.field.validator
def test_raise_error_when_no_value_submit(self):
self.assertRaises(ValidationError,
self.validator.validate, self.field, 'field_test_field',
self.portal.REQUEST)
def test_raise_error_when_no_default_value_submit(self):
self.portal.REQUEST.set('field_test_field', 'test')
self.assertRaises(ValidationError,
self.validator.validate, self.field, 'field_test_field',
self.portal.REQUEST)
def test_ok_when_default_value_submit(self):
self.field.values['default'] = 'test'
self.portal.REQUEST.set('field_test_field', 'test')
self.assertEqual('test', self.validator.validate(self.field, 'field_test_field',
self.portal.REQUEST))
self.field.values['default'] = ''
self.portal.REQUEST.set('field_test_field', '')
self.assertEqual('', self.validator.validate(self.field, 'field_test_field',
self.portal.REQUEST))
def test_suite():
suite = unittest.TestSuite()
suite.addTest(unittest.makeSuite(TestHoneypotField))
return suite
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment