
Merge remote-tracking branch 'capslock/issue-11' into django

Conflicts:
	wifiwithme/apps/contribmap/tests.py
Jocelyn Delande 9 years ago
parent
commit
95d15ed11a

+ 1 - 0
requirements/base.txt

@@ -1,2 +1,3 @@
 Django==1.9.3
+PyYAML==3.11
 pytz
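Review bot: PyYAML is added to the base (runtime) requirements, but the only YAML use visible in this commit is the test fixture `bottle_data.yaml` in tests.py, so it may belong in a test or dev requirements file instead; worth confirming. In PyYAML releases of this age, `yaml.load()` without an explicit loader can construct arbitrary Python objects, so any direct use added later should call `yaml.safe_load()`; Django's fixture deserializer passes a safe loader itself, as far as I know. A comment next to the pin, e.g. `# PyYAML: required to load YAML fixtures`, would record why it is here.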

+ 21 - 0
wifiwithme/apps/contribmap/decorators.py

@@ -0,0 +1,21 @@
+from django.http import HttpResponseForbidden
+from .forms import PublicContribForm
+
+
+def prevent_robots(field_name='human_field'):
+    """
+    this decorator returns a HTTP 403 Forbidden error on POST requests
+    if a given field has been set
+
+    Keyword arguments :
+    field_name -- the name of the field to search for (default 'human_field')
+    """
+    def _dec(func):
+        def _wrapped_func(request, *args, **kwargs):
+            if request.method == 'POST':
+                form = PublicContribForm(request.POST)
+                if field_name in form.data and form.data[field_name]:
+                    return HttpResponseForbidden()
+            return func(request, *args, **kwargs)
+        return _wrapped_func
+    return _dec
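Review bot: `_wrapped_func` is returned without `functools.wraps(func)`, so a view decorated with `prevent_robots` loses its `__name__`, docstring and any attributes set by decorators applied beneath it; add `@wraps(func)` above `def _wrapped_func` (with `from functools import wraps`). The check also builds a whole `PublicContribForm` only to read `form.data`, which is in effect the `request.POST` it was given; `if request.method == 'POST' and request.POST.get(field_name):` does the same work and removes the dependency on one specific form. A rejected submission leaves no trace, so a `logger.info(...)` call before `return HttpResponseForbidden()` would let operators see how often the honeypot fires. A honeypot only filters unsophisticated automation and should complement, not replace, rate limiting on this endpoint.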

+ 2 - 0
wifiwithme/apps/contribmap/forms.py

@@ -16,6 +16,8 @@ ORIENTATIONS = (
 
 
 class PublicContribForm(forms.ModelForm):
+    human_field = forms.CharField(required=False, widget=forms.HiddenInput)
+
     class Meta:
         model = Contrib
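Review bot: The honeypot is declared with `widget=forms.HiddenInput`, which renders as `<input type="hidden">`; automated form fillers tend to leave such inputs untouched, so the check in `prevent_robots` may rarely trigger. Honeypots are more commonly a normal text input hidden from people with CSS and given `autocomplete="off"` and `tabindex="-1"`, so the effectiveness of this one is worth measuring before relying on it. The name `human_field` is also repeated as a string default in decorators.py; a shared constant would keep the two from drifting apart. A comment such as `# Honeypot: must stay empty, checked by decorators.prevent_robots` would explain the field to the next reader. The `PublicContribForm` body continues outside the hunk.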
 

+ 1 - 0
wifiwithme/apps/contribmap/templates/contribmap/wifi-form.html

@@ -167,6 +167,7 @@ pourraient être intéressantes.
 
 
     <h2>Mes données</h2>
+    {{ form.human_field|formcontrol }}
 
     <p class="help-block">
 Les données collectées dans ce formulaire sont accessibles

+ 30 - 0
wifiwithme/apps/contribmap/tests.py

@@ -145,6 +145,7 @@ class TestViews(APITestCase):
         self.assertIn('JohnCleese', mail.outbox[0].subject)
         self.assertIn('JohnCleese', mail.outbox[0].body)
 
+<<<<<<< HEAD
 class TestForms(TestCase):
     valid_data = {
         'roof': True,
@@ -200,6 +201,35 @@ class TestForms(TestCase):
         data['access_type'] = 'cable'
         self.assertTrue(PublicContribForm(data).is_valid())
 
+    @override_settings(NOTIFICATION_EMAILS=['foo@example.com'])
+    def test_add_contrib_like_a_robot(self):
+        response = self.client.post('/map/contribute', {
+            'roof': True,
+            'human_field': 'should not have no value',
+            'privacy_place_details': True,
+            'privacy_coordinates': True,
+            'phone': '0202020202',
+            'orientations': 'N',
+            'orientations': 'NO',
+            'orientations': 'O',
+            'orientations': 'SO',
+            'orientations': 'S',
+            'orientations': 'SE',
+            'orientations': 'E',
+            'orientations': 'NE',
+            'orientation': 'all',
+            'name': 'JohnCleese',
+            'longitude': -1.553621,
+            'latitude': 47.218371,
+            'floor_total': '2',
+            'floor': 1,
+            'email': 'coucou@example.com',
+            'contrib_type': 'connect',
+            'connect_local': 'on',
+        })
+        self.assertEqual(response.status_code, 403)
+        self.assertEqual(len(mail.outbox), 0)
+
 
 class TestDataImport(TestCase):
     fixtures = ['bottle_data.yaml']
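Review bot: The first hunk adds a literal `<<<<<<< HEAD` line above `class TestForms`, a conflict marker left over from the merge named in the commit message. As committed it is a syntax error, so tests.py cannot be imported and none of its tests can run, including the new `test_add_contrib_like_a_robot`; delete that line. In the new test the dict literal repeats the key `'orientations'` eight times, so only `'NE'` is posted; pass a list, `'orientations': ['N', 'NO', 'O', 'SO', 'S', 'SE', 'E', 'NE']`, if all values are meant. The test exercises a view but sits in `TestForms`, possibly as a side effect of the conflict resolution, and a companion test that posts an empty `human_field` and expects success would pin the non-robot path.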

+ 3 - 0
wifiwithme/apps/contribmap/views.py

@@ -9,13 +9,16 @@ from django.views.generic import View
 
 from .forms import PublicContribForm
 from .models import Contrib
+from .decorators import prevent_robots
 
 
+@prevent_robots()
 def add_contrib(request):
     if request.method == 'GET':
         form = PublicContribForm()
     elif request.method == 'POST':
         form = PublicContribForm(request.POST)
+
         if form.is_valid():
             contrib = form.save()