From bbaf3399fdcc474f921e925c929161187dbcc679 Mon Sep 17 00:00:00 2001 From: Bryan Date: Sat, 22 Feb 2014 23:16:41 -0500 Subject: [PATCH] failed attempt to check for a blank honeypot, form doesn't clean() --- karmaworld/apps/courses/views.py | 18 +++++++++++++++ karmaworld/settings/common.py | 10 +++++++- karmaworld/templates/partial/add_course.html | 24 ++++++++++++++++---- 3 files changed, 46 insertions(+), 6 deletions(-) diff --git a/karmaworld/apps/courses/views.py b/karmaworld/apps/courses/views.py index b88fe7b..91a0577 100644 --- a/karmaworld/apps/courses/views.py +++ b/karmaworld/apps/courses/views.py @@ -5,6 +5,7 @@ import json +from django.conf import settings from django.core import serializers from django.core.exceptions import MultipleObjectsReturned from django.core.exceptions import ObjectDoesNotExist @@ -49,12 +50,29 @@ class CourseListView(ListView, ModelFormMixin, ProcessFormView): # Include "Add Course" button in header context['display_add_course'] = True + # Include settings constants for honeypot + for key in ('HONEYPOT_FIELD_NAME', 'HONEYPOT_VALUE'): + context[key] = getattr(settings, key) + return context def get_success_url(self): """ On success, return url based on urls.py definition. """ return self.object.get_absolute_url() + def clean(self, *args, **kwargs): + """ Additional form validation. """ + # Call ModelFormMixin or whoever normally cleans house. + cleaned_data = super(CourseListView, self).clean(*args, **kwargs) + # parts of this code borrow from + # https://github.com/sunlightlabs/django-honeypot + formhoneypot = cleaned_data.get(settings.HONEYPOT_FIELD_NAME, None) + if formhoneypot and (formhoneypot != settings.HONEYPOT_VALUE): + # Highlight a failure to follow instructions. + self._errors['honeypot'] = 'You did not follow directions.' + del cleaned_data[hfn] + return cleaned_data + def form_invalid(self, form, **kwargs): """ override form_invalid to populate object_list on redirect """ kwargs['is_error'] = True 
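Review bot: The `clean()` override added to `CourseListView` is never invoked, so the honeypot check has no effect: `clean()` belongs to Django's form API, and none of the view bases named in the hunk header (`ListView`, `ModelFormMixin`, `ProcessFormView`) provide or call it, so `super(CourseListView, self).clean(...)` would presumably raise `AttributeError` if it ever ran. The check belongs on the form class this view uses, as a `clean()` or `clean_<fieldname>()` method that raises `forms.ValidationError` rather than writing to `self._errors`, with the honeypot declared as a non-required field so that it reaches `cleaned_data`. Separately, `del cleaned_data[hfn]` references an undefined name and would raise `NameError` on exactly the submissions the check is meant to reject; it should read `del cleaned_data[settings.HONEYPOT_FIELD_NAME]`. Until the check runs server-side in the form, automated submissions pass through unchanged.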
diff --git a/karmaworld/settings/common.py b/karmaworld/settings/common.py index 8993be6..506ccf9 100644 --- a/karmaworld/settings/common.py +++ b/karmaworld/settings/common.py @@ -371,7 +371,15 @@ TAGGIT_STOPWORDS = [u'a', u'an', u'and', u'be', u'from', u'of'] ########## END TAGGIT CONFIGURATION + +########## HONEYPOT CONFIGURATION +# parts of this code borrow from +# https://github.com/sunlightlabs/django-honeypot +HONEYPOT_FIELD_NAME = "settings_field_name" +HONEYPOT_VALUE = "" +########## END HONEYPOT CONFIGURATION + + ########## TESTING CONFIGURATION TESTING = 'test' in sys.argv ########## END TESTING CONFIGURATION - diff --git a/karmaworld/templates/partial/add_course.html b/karmaworld/templates/partial/add_course.html index 2938f5b..693a563 100644 --- a/karmaworld/templates/partial/add_course.html +++ b/karmaworld/templates/partial/add_course.html @@ -13,12 +13,13 @@
{% csrf_token %} + {% if course_form.non_field_errors %}
{{ course_form.non_field_errors }}
- + {% endif %}
@@ -42,7 +43,7 @@ Course Name: {% if course_form.name.errors %} - * there was an error with this field + {{ course_form.name.errors }} {% endif %} @@ -50,13 +51,26 @@
+
+
+ Do not fill in this field: + {% if course_form.honeypot.errors %} + + {{ course_form.honeypot.errors }} + + {% endif %} + + +
+
+
Instructor Name: {% if course_form.instructor_name.errors %} - * there was an error with this field + {{ course_form.instructor_name.errors }} {% endif %} @@ -68,7 +82,7 @@ Instructor Email: {% if course_form.instructor_email.errors %} - * there was an error with this field + {{ course_form.instructor_email.errors }} {% endif %} @@ -81,7 +95,7 @@ Course url: {% if course_form.url.errors %} - * there was an error with this field + {{ course_form.url.errors }} {% endif %} -- 2.25.1
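Review bot: The honeypot block added in this template reads `course_form.honeypot.errors`, but nothing visible in the commit declares a form field named `honeypot`: the view looks the value up under `settings.HONEYPOT_FIELD_NAME` (set to `"settings_field_name"` in common.py) and stores its error under the literal key `'honeypot'`. Unless the form class defines a `honeypot` field elsewhere, this lookup resolves to nothing and the error never renders; the field name, the error key and the template reference should all derive from the one setting. The input markup for the field is not visible in this extract, so whether its `name` attribute uses `{{ HONEYPOT_FIELD_NAME }}` could not be checked. A honeypot only filters unsophisticated automated submissions, so it should complement server-side validation and rate limiting, not replace them.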